Government officials reporting U.S. electrical system penetrated
by Steve Ragan - Apr 8 2009, 16:00
The Wall Street Journal has broken a story that says the U.S. electrical grid was the apparent victim of an attack by foreign “cyberspies”. According to the story, current and former national-security officials have confirmed the attacks and the presence of related tools left behind on compromised systems.
The alleged cyberspies came from China, Russia, and other countries, the officials told the Journal. Moreover, in addition to the electrical grid, water, sewage and other infrastructure were at risk. Officials reported that they had discovered software tools left behind on the systems, which could be used to destroy components. One former official, speaking about the penetration of the electrical system, said that, “There are intrusions, and they are growing. There were a lot last year.”
The Journal reports that the intrusions were detected by U.S. Intelligence, and attackers “…were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.”
This latest news comes on the heels of another discovery, by the Information Warfare Monitor project, based out of Canada at the University of Toronto. The IWM discovered what they called a GhostNet, which was a network of compromised systems used for espionage on a massive scale.
The researchers uncovered 1,295 infected systems that reside in 103 countries. Moreover, the report calls the infected systems “high-value targets” in almost 30 percent of the cases where an infected system was discovered. Those high-value targets include systems within news media, embassies, NGOs, ministries, and other international organizations. While China was blamed in the press as the source of GhostNet, there was no solid proof.
The Wall Street Journal report and the admissions from the government officials are shocking, yet questionable. First, why were the attacks kept secret for so long? Second, why report them now? Perhaps there is a good reason for waiting, such as a pending review of national cybersecurity and recommendations over who should manage it.
At the end of this month, a 60-day review of the national cybersecurity policy will be completed. This review, seen as a glowing positive for the government, has still caused some controversy and infighting.
Part of the review will address infrastructure security, which includes the electrical grid and other utilities that would need to be protected. One argument that has come up during the review process is who should manage the cybersecurity of the United States.
In February, Director of National Intelligence, Admiral Dennis Blair, told the House Intelligence Committee that the NSA should oversee the national cybersecurity efforts and not the DHS.
“We must recognize that cyber-defense is not a one-time fix; it requires a continual investment of hardware, software and cyber-defenses...the Department of Homeland Security is finding its footing in this area,” Blair said. “The National Security Agency has the greatest repository of cyber talent. With due respect to Congressman Hastings’ 24-year-old new hire [Melissa Hathaway], there are some wizards out there at Fort Meade who can do stuff.”
“I think that capability should be harnessed and built on as we’re trying to protect more than just our intelligence networks or our military networks as we expand to our federal networks and to our critical infrastructure networks. And the reason is that because of the offensive mission that they have, they’re the ones who know best about what’s coming back at us and it’s defenses against those sorts of things that we need to be able to build into wider and wider circles.”
Later, those comments led the then-director of the National Cybersecurity Center, Rod Beckstrom, to resign his position. In his resignation letter, Beckstrom singled out the NSA and the way they effectively control the DHS’s efforts through detailees, technology insertions, and to top it all off, “the proposed move of the NPPD and the NCSC to a Fort Meade NSA facility.”
“While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds,” Beckstrom wrote. “The intelligence culture is very different than a network operations or security structure. In addition, the threats to our democratic processes are significant if all top-level government network security and monitoring are handled by any one organization (either directly or indirectly).”
With that in mind, consider the fact that the intelligence community discovered the penetration of the electrical grid. They are also the most vocal when it comes to preaching security on a national level, and Russia and China are their favorite bad guys.
This isn’t to say they are wrong when they speak about potential threats, but based on what they told the Wall Street Journal, their claims and discoveries almost read like a spin-off of Die Hard 4. All that was missing was an actual mention of a fire sale.
National security is a serious undertaking. Someone will have to manage it, as well as manage how it works side-by-side with the private sector. However, there are more threats online than China and Russia. You could easily make the claim that the compromised systems mentioned in the WSJ report were penetrated by systems in China being controlled by spies stateside.
The entire WSJ story is available here.
