The CIA says hackers have compromised foreign utility companies

WASHINGTON — In a rare public warning to the power and utility industry, a CIA analyst last week said cyber attackers have hacked into the computer systems of utility companies outside the United States and made demands, in at least one case causing a power outage that affected multiple cities.

“We do not know who executed these attacks or why, but all involved intrusions through the Internet,” Tom Donahue, the CIA’s top cybersecurity analyst, said Wednesday at a trade conference in New Orleans.

The audience was made up of 300 U.S. and international security officials from the government and from electric, water, oil and gas companies, including BP, Chevron and the Southern Co.

“We suspect, but cannot confirm, that some of the attackers had the benefit of inside knowledge,” Donahue said. He did not specify where or when the attacks took place, their duration or the amount of money demanded. Little said the agency would not comment further.

The remarks come as cyber attackers have made increasingly sophisticated intrusions into corporate computer systems, costing companies worldwide more than $20 billion each year, according to some estimates.

Cyber extortion is a growing threat in the United States, and attackers have radically increased their take from online gambling sites, e-commerce sites and banks, which pay the money to prevent sites from being shut down and to keep the public from knowing their sites have been penetrated, said Alan Paller, research director at the SANS Institute, the cybersecurity education group that sponsored the meeting.

“The CIA wouldn’t have changed its policy on disclosure if it wasn’t important,” Paller said. “Donahue wouldn’t have said it publicly if he didn’t think the threat was very large and that companies needed to fix things right now.”

Over the past year to 18 months, there has been “a huge increase in focused attacks on our national infrastructure networks, … and they have been coming from outside the United States,” said Ralph Logan, principal of the Logan Group, a cybersecurity firm.

It is difficult to track the sources of such attacks, because they are usually made by people who have disguised themselves by worming into three or four other computer networks, Logan said. He said he thinks the attacks were launched from computers belonging to foreign governments or militaries, not terrorist groups.

Over the past 10 years, electric utilities, pipelines, railroads and oil companies have used remotely controlled and monitored valves, switches and other mechanisms. This has resulted in substantial savings in man power and other costs.

But to do that, the companies have installed wireless Internet connections to link the devices to central offices.

“In the past, if they wanted to go out and read a gauge on a gas well, for example, they would have to send a technician in his vehicle; he would drive 100 miles and physically read the gauge and get back in his truck,” Logan said. “Now they can read it from headquarters. But it allows attackers a gateway into the system.”

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Olivia Vanni / The Herald 
The Mukilteo Lighthouse. Built in 1906, it’s one of the most iconic landmarks in Snohomish County.
The Mukilteo Lighthouse. Built in 1906, it’s one of the most iconic landmarks in Snohomish County. (Olivia Vanni / The Herald)
Mukilteo mayor vetoes council-approved sales tax

The tax would have helped pay for transportation infrastructure, but was also set to give Mukilteo the highest sales tax rate in the state.

Marysville Mayor Jon Nehring gives the state of the city address at the Marysville Civic Center on Wednesday, Jan. 31, 2024, in Marysville, Washington. (Ryan Berry / The Herald)
Marysville council approves interim middle housing law

The council passed the regulations to prevent a state model code from taking effect by default. It expects to approve final rules by October.

x
State audit takes issue with Edmonds COVID grant monitoring

The audit report covered 2023 and is the third since 2020 that found similar issues with COVID-19 recovery grant documentation.

Bothell
Bothell man pleads guilty to sexual abuse of Marysville middle schoolers

The man allegedly sexually assaulted three students in exchange for vapes and edibles in 2022. His sentencing is set for Aug. 29.

Larsen talks proposed Medicaid cuts during Compass Health stop in Everett

Compass Health plans to open its new behavioral health center in August. Nearly all of the nonprofit’s patients rely on Medicaid.

Snohomish County Health Department Director Dennis Worsham on Tuesday, June 11, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Snohomish County Health Department director tapped as WA health secretary

Dennis Worsham became the first director of the county health department in January 2023. His last day will be July 3.

Police Cmdr. Scott King answers questions about the Flock Safety license plate camera system on Thursday, June 5, 2025 in Mountlake Terrace, Washington. (Olivia Vanni / The Herald)
Mountlake Terrace approves Flock camera system after public pushback

The council approved the $54,000 license plate camera system agreement by a vote of 5-2.

Community members gather for the dedication of the Oso Landslide Memorial following the ten-year remembrance of the slide on Friday, March 22, 2024, at the Oso Landslide Memorial in Oso, Washington. (Ryan Berry / The Herald)
The Daily Herald garners 6 awards from regional journalism competition

The awards recognize the best in journalism from media outlets across Alaska, Idaho, Montana, Oregon and Washington.

Logo for news use featuring the municipality of Gold Bar in Snohomish County, Washington. 220118
Lynnwood man dies in fatal crash on US 2 near Gold Bar

The Washington State Patrol said the driver was street racing prior to the crash on Friday afternoon.

Thousands gather to watch fireworks over Lake Ballinger from Nile Shrine Golf Course and Lake Ballinger Park on Thursday, July 3, 2025 in Mountlake Terrace, Washington. (Olivia Vanni / The Herald)
Thousands ‘ooh’ and ‘aah’ at Mountlake Terrace fireworks show

The city hosts its Independence Day celebrations the day before the July 4 holiday.

Liam Shakya, 3, waves at a float passing by during the Fourth of July Parade on Friday, July 4, 2025 in Everett, Washington. (Olivia Vanni / The Herald)
Everett celebrates Fourth of July with traditional parade

Thousands celebrated Independence Day by going to the annual parade, which traveled through the the city’s downtown core.

Ian Saltzman
Everett Public Schools superintendent wins state award

A group of school administrators named Ian Saltzman as a top educational leader.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.