Cyber Wars: Turn out the lights, the party's over
Is the power grid under cyberattack? U.S. spooks say yes. Better hunker down before Russia or China pulls the plug.
Follow @ifw_cringelyActually, don't bother hitting the light switch, Vladimir or Wen Jiabao will be happy to do it for you. The news this week that our power grid has been infiltrated by bots deposited by Russia, China, and Lord knows who else has put more than a few peoples' boxers in a bunch. Per the Wall Street Journal:
The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.
A spokesdroid with China's Office of Official Denials served up its usual response to these charges:
"The incident of attacks on the U.S. electrical grid from China and Russia simply does not exist," Chinese foreign ministry spokeswoman Jiang Yu told reporters, according to a transcript of the briefing.
(Also, that thing that happened a few years back with the tanks in Tiananmen Square? Just a silly misunderstanding.)
Is this just fearmongering by the feds, or have we really been compromised? Wired blogger Kevin Poulsen is deeply skeptical; he sees this as a literal power play by the NSA to take over control over the national light switch.
I'm not so sure. How hard is it to hack our power grid? Slightly more difficult than opening a box of Cracker Jacks wrapped in duct tape, according to penetration tester Ira Winkler, whose firm was recently hired by an unnamed utilities company to test its system security:
"We had to shut down within hours," Winkler says, "because it was working too well. We more than proved that they were royally screwed."
The reason why is because the supervisory, control, and data acquisition (SCADA) systems that control power plants are connected to the Internet and operated by humans, two notoriously insecure systems. A little social engineering, a pinch of malware, and voila -- Winkler had easy access to the prize inside the box.
