Hackers Gain Real Power Over Electric Grid

By Larry Walsh  |  Posted Monday, January 28, 2008 03:01 AM

Reports are circulating that the Central Intelligence Agency is openly warning about the "real" threat of foreign hackers' ability to infiltrate the U.S. power grid. The message is short and crystal clear: If the threat isn't recognized and precautions taken, hackers and terrorists could shut off the lights with a flick of a switch.

At the Process Control Security Summit last week, senior CIA analyst Tom Donahue reported that hackers were able to attack power-generation targets outside the U.S., resulting in blackouts in several cities.

"In at least one case, the disruption caused a power outage affecting multiple cities," Donahue said in a statement. "We do not know who executed these attacks or why, but all involved intrusions through the Internet."

The CIA has made no official comments on Donahue's remarks. Security researchers and analysts have long speculated about the vulnerability of the power grid, particularly following the Sept. 11 terrorist attack. Few thought the electrical distribution network was vulnerable, since it was managed by Supervisory Control and Data Acquisition (SCADA) systems, which are typically isolated from LANs and the Internet and have proprietary Unix-based operating systems.

That theory was put to the test in 2003, when the entire Northeast was plunged into darkness after a failure at a FirstEnergy plant in Ohio caused a cascading blackout across the grid. The overload tripped safety switches at 100 other power plants. While not a direct cause of the blackout, a race condition in the FirstEnergy SCADA system did fail to detect the power surge and warn downstream plants on the grid. By the time the blackout reached its full extent, more than 10 million people in seven states were without electricity.

While never conclusively linked to the blackout, some speculated that the Blaster worm was able to infect a Windows system connected to the FirstEnergy control network and was--at least in part--connected to the outage.

Following the blackout, then-Secretary of Energy Bill Richardson described the nation's power infrastructure as "a superpower with a third-world electricity grid." Experts echoed his criticism, saying the power industry and government had done little to improve the infrastructure and billions of dollars were needed to ensure steady electrical supplies.

Hacking the electrical grid may have actually been easier. In a casual conversation, a famed security expert who's done consulting work for the White House and other federal agencies bragged that he could dial up and shut off all the lights on the eastern seaboard. If he could do it, there is no doubt that a sophisticated hacker group or a foreign government could do so just as easily.

"Most people treated this as a hypothetical, but it is happening and with effect," said a former electric company chief security officer who wished to remain anonymous.

Donahue's remarks are more than just a call to arms. His warning was simply to expect what many have feared: a crossover attack from cyberspace to the physical world. It's not a question of if, but when.