Report: U.S. electrical grid hacked repeatedly over past decade

State-backed hackers have probed and gained control of networks in parts of the electrical grid at least a dozen times over the last decade, according to officials.

“The grid is a tough target, but a lucrative target,” Keith Alexander, a former director of the National Security Agency, told the Associated Press. “The number of sophisticated attacks is growing. There is a constant, steady upbeat.”

Intrusions have come from China, Russia and Iran. Rather than trying to inflict immediate damage, officials say, the perpetrators have been trying to probe for vulnerabilities and stow away in critical systems.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” Robert Lee, a former U.S. Air Force cyberwarfare operations officer, told the AP. “It will also help them stay quiet and stealthy inside.”

One specific incident cited by the AP involved Calpine Corp., a power producer with 100 power plants operating in 18 states and Canada. Experts say that information stolen from one of Calpine’s contractors was used to gain access to the company’s systems in 2013, and add that, to the best of their knowledge, the perpetrator may still have access to Calpine’s systems today.

Citing another incident, the Wall Street Journal reported on Sunday that Iranian hackers gained control over the operating system of a small dam less than 20 miles from New York City. Officials from the FBI looked into the incident at the Bowman Avenue Dam in Rye, New York, in 2013.

The Department of Homeland Security would not confirm that event, but said in a statement that it was continuing “to coordinate national efforts to strengthen the security and resilience of critical infrastructure” and “working to raise awareness about evolving threats and promote measures to reduce risks.”

Part of the problem is that the technology powering critical infrastructure is often decades old.

“Some of the control systems boot off of floppy disks,” said Patrick Miller, who formerly performed hydroelectric dam cybersecurity for the U.S. Bureau of Reclamation and Army Corps of Engineers. “Some dams have modeling systems that run on something that looks like a washing machine hooked up to tape spools. It looks like the early NASA stuff that went to the moon.”

Intelligence officials have consistently cited the nation’s critical infrastructure as its most significant modern vulnerability in cyberspace. “My No. 1 threat that I see here is the threat to our critical infrastructure,” National Counterintelligence Executive William Evanina told the Washington Examiner in November.

Adm. Mike Rogers, the director of the National Security Agency and head of U.S. Cyber Command, has expressed the same sentiment.

“It is only a matter of ‘when’ that someone uses cyber as a tool to do damage to the critical infrastructure of our nation,” Rogers said in October. “I’m watching nation-states, groups within some of that infrastructure.

“At the moment, it seems to be really focused on reconnaissance and attempting to understand the characteristics of the structure, but it’s only a matter of time I believe until someone actually does something destructive,” Rogers added.
