U.S. warns of cyberattacks on water, power

WASHINGTON — The U.S. government on Thursday warned of a heightened risk of a cyberattack that could disrupt the control systems of U.S. companies providing critical services such as electricity and water.

Officials are highly concerned about “increasing hostility” against “U.S. critical infrastructure organizations,” according to the warning, which was released by the Department of Homeland Security on a computer network accessible only to authorized industry and government users. “Adversary intent extends beyond intellectual property theft to include the use of cyber to disrupt … control processes.”

Senior U.S. officials have warned in recent months that foreign adversaries are probing computer systems that operate chemical, electric and water plants. But they are also increasingly concerned about the threat of a potentially destructive cyberattack.

Such attacks are rare. Last summer, more than 30,000 computers at the state-owned oil company Saudi Aramco were destroyed when a virus wiped data from the hard drives. The same virus also damaged computer systems at Ras Gas, an energy company in Qatar.

U.S. intelligence officials have said they think those attacks were linked to the Iranian government. Saudi Arabia and Qatar are allied with Western powers that have tightened economic and oil sanctions against Iran in an effort to slow Iran’s nuclear program.

DHS officials did not provide details on the nature of the latest threat, but there has been renewed concern among government and industry officials about cyber-activity out of the Middle East, particularly Iran.

“There have been oil and gas companies that have seen increased activity out of Iran – not just U.S. but overseas companies,” said one industry official who was not authorized to speak for the record.

The unclassified alert issued Thursday was released by DHS’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT. The agency helps companies investigate intrusions and suggests ways to improve security. In doing so, it collects data about cyber-threats that it can use to alert the private sector.

The alert comes as the Obama administration is ramping up efforts to share more information about threats and encourage greater computer network security. In February, President Obama issued an executive order directing federal agencies to provide more cyber-threat data to industry more quickly.

“This is the sort of information-sharing that everyone’s talking about doing so we can protect critical infrastructure,” said Evan Wolff, a partner at Hunton &Williams and a former DHS adviser who works with industry.

The 13-page alert included specific measures that could be taken to prevent disruptive attacks, industry officials said. It included detailed descriptions of tactics and techniques used to gain access to computers, passwords and various levels of a company’s network. A separate document provided indicators of compromise that can be used by technicians to detect attacks.

“The type of information and detail that DHS is now delivering in these intelligence reports to the community has dramatically improved in the last 18 months,” said Tim Conway, a technical director of the Bethesda, Md.-based SANS Institute, a cyber-training organization that helps companies deflect attacks.

Conway, who worked for more than a decade with the electric sector, said industry officials long demanded for such information from the government. “This is exactly what we’ve been wanting,” he said.

More in Local News

It’s hard to find a parking spot at Wallace Falls State Park

There’s a study under way on how to tackle that issue and others.

At long last, a church of his own

After years of filling in elsewhere, Hallack Greider is the new pastor at Maplewood Presbyterian.

Judge: Lawmakers’ emails, texts subject to public disclosure

News organizations had sued to challenge the Legislature’s claim that members were exempt.

Herald photos of the week

A weekly collection of The Herald’s top images by staff photographers and… Continue reading

Outgoing councilwoman honored by Marysville Fire District

The Marysville Fire District in December honored outgoing City Councilwoman Donna Wright… Continue reading

Officials rule train-pedestrian death an accident

The 37-year-old man was trying to move off the tracks when the train hit him, police say.

Ex-Monroe cop re-arrested after losing sex crime case appeal

He was sentenced to 14 months in prison but was free while trying to get his conviction overturned.

Everett district relents on eminent domain moving expenses

Homeowners near Bothell still must be out by April to make way for a planned new high school.

Number of flu-related deaths in county continues to grow

Statewide, 86 people have died from the flu, most of whom were 65 or older.

Most Read