Is it just me, or is anyone else baffled by the thought that the control of electrical utilities can be accessed over the Internet? I might be a little old-fashioned when it comes to this sort of thing, but shouldn’t such important parts of the energy infrastructure be offline?
CIA: Hackers to Blame for Power Outages
Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a trade conference.
All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in “several regions outside the United States.”
“In at least one case, the disruption caused a power outage affecting multiple cities,” Donahue said in a statement. “We do not know who executed these attacks or why, but all involved intrusions through the Internet.”
A CIA spokesman Friday declined to provide additional details.
“The information that could be shared in a public setting was shared,” said spokesman George Little. “These comments were simply designed to highlight to the audience the challenges posed by potential cyber intrusions.”
Donahue spoke earlier this week at the Process Control Security Summit in New Orleans, a gathering of engineers and security managers for energy and water utilities.
The Bush administration is increasingly worried about the little-understood risks from hackers to the specialized electronic equipment that operates power, water and chemical plants.
In a test last year, the Homeland Security Department produced a video showing commands quietly triggered by simulated hackers having such a violent reaction that an enormous generator shudders as it flies apart and belches black-and-white smoke.
The recorded demonstration, called the “Aurora Generator Test,” was conducted in March by government researchers investigating a dangerous vulnerability in computers at U.S. utility companies known as supervisory control and data acquisition systems. The programming flaw was fixed, and equipment makers urged utilities to take protective measures.