Spies penetrate the U.S. power grid

SAN JOSE, Calif. — Spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service, exposing potentially catastrophic vulnerabilities in key pieces of national infrastructure, The Associated Press has learned.

The intrusions were discovered after electric companies gave the government permission to audit their systems, a former U.S. government official said.

The inspections of the electric grid were triggered by fears over a March 2007 video from the Idaho National Laboratory, which had staged a demonstration of what damage hackers could do if they seized control of a crucial part of the electric grid. The video showed a power turbine spinning out of control until it became a smoking hulk and shut down.

ADVERTISEMENT
0 seconds of 0 secondsVolume 0%
Press shift question mark to access a list of keyboard shortcuts
00:00
00:00
00:00
 

Although the resulting audits turned up evidence of spying, the former official said the extent of the problem is unknown, because the government does not have blanket authority to examine other electric systems.

“The vulnerability may be bigger than we think,” the official said, adding that the level of sophistication necessary to pull off such intrusions is so high that it is “almost without a doubt” done by state sponsors.

The Wall Street Journal, which reported the intrusions earlier, said officials believe the spies have not yet sought to damage the nation’s electric grid, but that they likely would try in a war or another crisis.

Chinese and Russian officials have denied involvement in hacks on U.S. systems.

The attacks highlight serious problems that utilities like power and water companies face as they add more technologies for remotely managing their facilities. Any system networked to the rest of the world — from financial systems to university records to retail operations — can leave openings for hackers.

Homeland Security spokeswoman Amy Kudwa said her department is “not aware of any disruptions to the power grid caused by deliberate cyber activity here in the United States.” Even so, congressional investigators and intelligence officials have warned that electric utilities are vulnerable to cyber attacks, and utilities acknowledge that their computer networks are routinely under assault.

CIA analyst Tom Donahue told utility engineers at a conference last year that in other countries, hackers had broken into electric utilities and demanded payments before disrupting power — in one case turning off the lights in multiple cities.

The power grid is becoming a bigger target for hackers as more pieces of it are connected to each other or, in some cases, to the Internet.

Employees who work remotely can be a major point of weakness. If their computers can be compromised, hackers can begin working backward into a utility’s central control system. One way that’s done is by so-called “spear phishing,” or trying to fool people into opening personalized e-mails that have malicious programs inside them. Malicious Web applications can be another route for hackers.

“The severity of what we’re seeing is off the charts,” said Tom Kellermann, vice president of security awareness for Core Security Technologies and a member of the Commission on Cyber Security that is advising President Barack Obama. “Most of the critical infrastructure in the U.S. has been penetrated to the root by state actors.”

Joe Weiss, a security expert who has testified before Congress about such threats, said the industry has failed to address these vulnerabilities.

“The human resources computer system in a utility happens to be more cyber-secure than any power plant or electric substation that we have,” said Weiss, managing partner of Applied Control Solutions, a company based in Cupertino, Calif. “The fundamental problem is that we’re paying more attention to the cybersecurity of Facebook than we are to trying to keep our lights on.”

He said the long-term ramifications of such an attack would be severe: If electrical equipment were destroyed, power could be lost for six to nine months, because the replacement gear would take so long to manufacture.

Power grid operators acknowledged Wednesday that they have been the target of frequent computer attacks and said they are working closely with authorities to lock down their networks.

James Fama, the Edison Electric Institute’s executive director of energy delivery, said that “protecting the electrical grid and keeping the power flowing is our industry’s top priority.”

Members of Congress and government agencies have sought to increase oversight of the industry. A bipartisan bill introduced last week in Congress would let the president declare a “cybersecurity emergency” if necessary and shut down Internet traffic to a compromised piece of critical infrastructure such as the power grid.

Securing power systems against cyber attacks might get even more complicated with the development of so-called “smart grids.” Smarter grids are being built to make electricity delivery far more efficient, saving precious resources. But they require the extension of two-way digital communications down to “smart meters” at homes and new digital sensors to track real-time power usage. Extra nodes on a network can become new openings for spies.

“The more you push communications, intelligence (across the grid) … you’re adding some level of risk,” said Brian Seal, a senior project manager involved in power delivery at the Electric Power Research Institute, an industry-sponsored research group.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Everett Historic Theater owner Curtis Shriner inside the theater on Tuesday, May 13, 2025 in Everett, Washington. (Olivia Vanni / The Herald)
Historic Everett Theatre sale on horizon, future uncertain

With expected new ownership, events for July and August will be canceled. The schedule for the fall and beyond is unclear.

Contributed photo from Snohomish County Public Works Snohomish County Public Works contractor crews have begun their summer 2016 paving work on 13 miles of roadway, primarily in the Monroe and Stanwood areas. This photo is an example of paving work from a previous summer. A new layer of asphalt is put down over the old.
Snohomish County plans to resurface about 76 miles of roads this summer

EVERETT – As part of its annual road maintenance and preservation program,… Continue reading

City of Everett Engineer Tom Hood, left, and City of Everett Engineer and Project Manager Dan Enrico, right, talks about the current Edgewater Bridge demolition on Friday, May 9, 2025 in Everett, Washington. (Olivia Vanni / The Herald)
How do you get rid of a bridge? Everett engineers can explain.

Workers began dismantling the old Edgewater Bridge on May 2. The process could take one to two months, city engineers said.

Smoke from the Bolt Creek fire silhouettes a mountain ridge and trees just outside of Index on Sept. 12, 2022. (Olivia Vanni / The Herald)
County will host two wildfire-preparedness meetings in May

Meetings will allow community members to learn wildfire mitigation strategies and connect with a variety of local and state agencies.

Helion's 6th fusion prototype, Trenta, on display on Tuesday, July 9, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Helion celebrates smoother path to fusion energy site approval

Helion CEO applauds legislation signed by Gov. Bob Ferguson expected to streamline site selection process.

Vehicles travel along Mukilteo Speedway on Sunday, April 21, 2024, in Mukilteo, Washington. (Ryan Berry / The Herald)
Mukilteo cameras go live to curb speeding on Speedway

Starting Friday, an automated traffic camera system will cover four blocks of Mukilteo Speedway. A 30-day warning period is in place.

Carli Brockman lets her daughter Carli, 2, help push her ballot into the ballot drop box on the Snohomish County Campus on Tuesday, Nov. 5, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Here’s who filed for the primary election in Snohomish County

Positions with three or more candidates will go to voters Aug. 5 to determine final contenders for the Nov. 4 general election.

Madison Family Shelter Family Support Specialist Dan Blizard talks about one of the pallet homes on Monday, May 19, 2025 in Everett, Washington. (Olivia Vanni / The Herald)
Madison Family Shelter reopens after hiatus

The Pallet shelter village, formerly Faith Family Village, provides housing for up to eight families for 90 days.

Washington State Trooper Chris Gadd is transported inside prior to a memorial service in his honor Tuesday, March 12, 2024, at Angel of the Winds Arena in Everett, Washington. (Ryan Berry / The Herald)
Jury selection begins in Everett trial of driver accused in trooper’s death

Jurors questioned on bias, media exposure in the case involving fallen Washington State Patrol trooper Chris Gadd.

Everett
Five arrested in connection with Everett toddler’s 2024 overdose death

More than a year after 13-month-old died, Everett police make arrests in overdose case.

Marysville School Board President Connor Krebbs speaks during a school board meeting before voting on school closures in the district on Wednesday, Jan. 22, 2025 in Marysville, Washington. (Olivia Vanni / The Herald)
Marysville school board president to resign

Connor Krebbs served on the board for nearly four years. He is set to be hired as a staff member at the district.

Jacquelyn Jimenez Romero / Washington State Standard Labor advocates filled up the governor’s conference room on Monday and watched Gov. Bob Ferguson sign Senate Bill 5041, which extends unemployment insurance to striking workers.
Washington will pay unemployment benefits to striking workers

Labor advocates scored a win on Monday after Gov. Bob Ferguson signed… Continue reading

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.