WASHINGTON — In a rare public warning to the power and utility industry, a CIA analyst last week said cyber attackers have hacked into the computer systems of utility companies outside the United States and made demands, in at least one case causing a power outage that affected multiple cities.
“We do not know who executed these attacks or why, but all involved intrusions through the Internet,” Tom Donahue, the CIA’s top cybersecurity analyst, said Wednesday at a trade conference in New Orleans.
The audience was made up of 300 U.S. and international security officials from the government and from electric, water, oil and gas companies, including BP, Chevron and the Southern Co.
“We suspect, but cannot confirm, that some of the attackers had the benefit of inside knowledge,” Donahue said. He did not specify where or when the attacks took place, their duration or the amount of money demanded. Little said the agency would not comment further.
The remarks come as cyber attackers have made increasingly sophisticated intrusions into corporate computer systems, costing companies worldwide more than $20 billion each year, according to some estimates.
Cyber extortion is a growing threat in the United States, and attackers have radically increased their take from online gambling sites, e-commerce sites and banks, which pay the money to prevent sites from being shut down and to keep the public from knowing their sites have been penetrated, said Alan Paller, research director at the SANS Institute, the cybersecurity education group that sponsored the meeting.
“The CIA wouldn’t have changed its policy on disclosure if it wasn’t important,” Paller said. “Donahue wouldn’t have said it publicly if he didn’t think the threat was very large and that companies needed to fix things right now.”
Over the past year to 18 months, there has been “a huge increase in focused attacks on our national infrastructure networks, … and they have been coming from outside the United States,” said Ralph Logan, principal of the Logan Group, a cybersecurity firm.
It is difficult to track the sources of such attacks, because they are usually made by people who have disguised themselves by worming into three or four other computer networks, Logan said. He said he thinks the attacks were launched from computers belonging to foreign governments or militaries, not terrorist groups.
Over the past 10 years, electric utilities, pipelines, railroads and oil companies have used remotely controlled and monitored valves, switches and other mechanisms. This has resulted in substantial savings in manpower and other costs.
But to do that, the companies have installed wireless Internet connections to link the devices to central offices.
“In the past, if they wanted to go out and read a gauge on a gas well, for example, they would have to send a technician in his vehicle; he would drive 100 miles and physically read the gauge and get back in his truck,” Logan said. “Now they can read it from headquarters. But it allows attackers a gateway into the system.”