Could America's electrical grid be targeted by terrorists or hostile foreign states? Anything's possible. Is a catastrophic electrical grid attack likely? The House of Representatives held a hearing this morning on "smart grid" attacks—and it appears that modernization of electrical utilities nationwide has left huge security loopholes that hackers can exploit.
The hearing, held by the Oversight & Investigations Subcommittee of the House Energy & Commerce Committee, featured testimony by officials from the Government Accountability Office (GAO), and the Congressional Research Service (CRS). National Security Agency head Gen. Keith Alexander has previously told the White House about his fears that Anonymous could attack America's electric grids and cause blackouts.
Rep. Henry Waxman (D–CA) expressed concerns about "unexpected terror attacks or hacking attempts" against America's energy infrastructure. Another subcommittee member, Rep. Diana DeGette (D–CO) noted that smart grid technology—which connects electrical grid infrastructure to the Internet for cost-savings, ease of use, and added services for consumers—is also uniquely at risk from damage by malicious hackers.
Our Representatives are right about the risk... though, to Gen. Alexander's detriment, it's not from Anonymous. Gregory C. Wilshusen of the GAO gave sobering written testimony. While the conversion to a smart grid has modernized America's electrical infrastructure, neither the government nor utility firms have been acting to close urgent security gaps. No monitoring is taking place of electrical utility providers to guarantee that even minimal cybersecurity standards are being put into place. No trade group or coordinating organization has created metrics to measure cybersecurity for energy suppliers. Information-sharing between utility providers is still the exception to the rule. Most worryingly of all, new smart grids still do not include basic event logging and forensic capabilities.
Anonymous spokespersons have explicitly stated that the hacktivist collective is not interested in smart grid attacks. In a post on the quasi-official AnonOps Communications blog, Anonymous responded, saying "Ridiculous! Why should Anonymous shut off power grid? Makes no sense! They just want to make you feel afraid."
However, the threat to the electrical grid likely is not from Anonymous—it instead lies with foreign states interested in damaging the USA's economy. In 2009, it was revealed that Chinese and Russian cyberintruders routinely break into American electrical companies. The bulk of the break-ins were discovered by American intelligence officials, not the victimized utility companies.
[Image: Flickr user Lydiashiningbrightly]