Computer networks controlling the electric grid are plagued with security holes that could allow intruders to redirect power delivery and steal data, the Energy Department warned in a recent report.
Many of the security vulnerabilities are strikingly basic and fixable problems, including a failure to install software security patches or poor password management. Many of the fixes would be inexpensive, according to the Idaho National Lab, an Energy Department facility that conducted the study.
The report reinforces concerns that intelligence officials have raised in recent years about growing surveillance of the electric grid by Chinese and Russian cyber-spies, which The Wall Street Journal reported last year. One worry is that a foreign country could shut down power in parts of the U.S.
The report's release comes hot on the heels of a report from Siemens AG, the German engineering firm, which said it had detected an attack targeting critical infrastructure, the collective term for systems such as electric grids, subways and air-traffic control. Siemens issued a tool to detect and fix the security gap July 22, an unusual acknowledgment of the threat. The company said none of its customers has sustained damage.
"The Siemens attacks from a couple weeks ago, in addition to evidence from several private firms that utilities are being attacked…change the imperative," said Alan Paller, director of research at SANS Institute, a cyber-security training group. He suggests the U.S. needs to adopt a more urgent response.
Read more at the Wall Street Journal.