Feeds

US power grid the target of 'numerous and daily' cyber-attacks

Report finds utilities vulnerable, threatened

The Power of One eBook: Top reasons to choose HP BladeSystem

The US electricity grid is under near constant attack from malware and cyber-criminals, yet most utility companies implement only the barest minimum of security standards, according to a new report released by Congressmen Ed Markey (D-MA) and Henry Waxman (D-CA).

"National security experts say that cyber attacks on America's electric grid top the target list for terrorists and rogue states, yet we remain highly vulnerable to attacks," Markey said in a statement. "We need to push electric utilities to enlist all of the measures they can now, and push for stronger standards in Congress that will keep our economy and our country safe from cyber warfare."

Among the report's findings, more than a dozen utilities surveyed said their systems were under "daily," "frequent," or "constant" attack, with one claiming to be the target of around 10,000 attempted cyber-attacks each month.

Yet although the companies admitted to being the targets of attacks, most said they complied only with mandatory cyber-security standards set by the North American Electric Reliability Corporation (NERC).

Only 21 per cent of investor-owned utilities, 44 per cent of municipal or cooperatively-owned utilities, and 62.5 per cent of federally-owned utilities said they had taken any additional, voluntary "Stuxnet measures," as the report terms them.

Stuxnet, as most Reg readers will recall, was the mysterious malware that infected supervisory control and data acquisition (SCADA) systems in plants related to Iran's nuclear enrichment facilities in 2010. Many security researchers believe it was a targeted attack initiated by the US government – and if the US can do it, then so can its enemies.

The report calls out the power grid as a particularly high-profile target for attacks because of its critical importance to industry and infrastructure. According to the report, power outages and disturbances are estimated to cost the US economy between $119bn and $188bn per year, with individual events costing $10bn or more.

"Cyber-attacks can create instant effects at very low cost, and are very difficult to positively attribute back to the attacker," the report states. "It has been reported that actors based in China, Russia, and Iran have conducted cyber probes of U.S. grid systems, and that cyber-attacks have been conducted against critical infrastructure in other countries."

By way of example, the report cites the 2012 malware attack on Saudi Aramco, Saudi Arabia's massive, state-run oil company, which infected some 30,000 computers.

To help harden US infrastructure against such attacks, Markey and Waxman would like to see Congress grant the Federal Energy Regulatory Commission (FERC) additional authority to draft and enforce cyber-security standards among power utility companies.

The report points out that although President Obama signed an executive order in February 2013 identifying critical infrastructure areas and establishing a voluntary cyber-security framework, only an act of Congress can empower agencies to police the standards.

The full text of the report is available here. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.