December 25, 2015
Hackers from around the world, many of them from Iran, have been stealing detailed information about the American power grid that would enable the Islamic Republic, in effect, to shut down the United States and return it to the pre-electric 19th century, The Associated Press reported Monday.
It said security researcher Brian Wallace was tracking hackers who had snatched a California university’s housing files when he discovered that cyber attackers had opened a pathway into the networks running the United States’ power grid.
Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.”
The drawings were so detailed that experts told the AP skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.
This breach, the AP said, was not unique. About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on.
Meanwhile, in its lead story Monday, The Wall Street Journal reported that Iranian hackers had entered the control system of a small dam north of New York City two years ago and probed it. It said a US intelligence service discovered the intrusion while monitoring computers believed to be linked to Iranian hackers targeting American firms, and noticed that one of the machines was trawling the Internet for vulnerable US industrial control systems.
Information about the government’s response to these hacks is often protected and sometimes classified; many such attacks are never even reported to the government.
So many attackers have invaded the systems that run the US electricity grid that experts say they likely have the capability to strike at will. The AP report dealt only with hacks on the electricity grid, while The Wall Street Journal story pointed to Iranian hacks far beyond it. The dam in Rye, New York, is used for flood control.
“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information, it will make it a lot easier,” Robert M. Lee, a former US Air Force cyber-warfare operations officer, told the AP.
In 2012 and 2013, in well-publicized attacks, Russian hackers successfully sent encrypted commands to, and received responses from, systems at US public utilities and power generators; some private firms concluded this was an effort to position intruders to act in the event of a political crisis.
And the Department of Homeland Security announced about a year ago that a separate hacking campaign, believed by some private firms to have Russian origins, had planted malware in software used by US energy companies, allowing the attackers to spy on them.
“You want to be stealthy,” said Lillian Ablon, a cyber-security expert at the RAND Corporation. “That’s the ultimate power, because when you need to do something you are already in place.”
The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the US are decrepit and were never built with network security in mind; hooking them up to the Internet over the last decade has given hackers new entry points into them.
Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack.
Attributing attacks is notoriously tricky. Neither US officials nor cybersecurity experts would or could say if the Islamic Republic was involved in the attack Wallace discovered involving Calpine Corp., a power producer with 82 plants operating in 18 states and Canada. Private firms have alleged other recent hacks of networks and machinery tied to the US power grid were carried out by teams from within Russia and China.
Even the Islamic State is trying to hack American power companies, a top Homeland Security official told industry executives in October.
The attack involving Calpine is particularly disturbing because the cyberspies grabbed so much, according to previously unreported documents and interviews with the AP.
They took detailed engineering drawings of networks and power stations from New York to California — 71 in all.