Cyber Wars: Turn out the lights, the party's over

Is the power grid under cyberattack? U.S. spooks say yes. Better hunker down before Russia or China pulls the plug.

Actually, don't bother hitting the light switch, Vladimir or Wen Jiabao will be happy to do it for you. The news this week that our power grid has been infiltrated by bots deposited by Russia, China, and Lord knows who else has put more than a few peoples' boxers in a bunch. Per the Wall Street Journal:

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

A spokesdroid with China's Office of Official Denials served up its usual response to these charges:

"The incident of attacks on the U.S. electrical grid from China and Russia simply does not exist," Chinese foreign ministry spokeswoman Jiang Yu told reporters, according to a transcript of the briefing.

(Also, that thing that happened a few years back with the tanks in Tiananmen Square? Just a silly misunderstanding.)

Is this just fearmongering by the feds, or have we really been compromised? Wired blogger Kevin Poulsen is deeply skeptical; he sees this as a literal power play by the NSA to take over control over the national light switch.

I'm not so sure. How hard is it to hack our power grid? Slightly more difficult than opening a box of Cracker Jacks wrapped in duct tape, according to penetration tester Ira Winkler, whose firm was recently hired by an unnamed utilities company to test its system security:

"We had to shut down within hours," Winkler says, "because it was working too well. We more than proved that they were royally screwed."

The reason why is because the supervisory, control, and data acquisition (SCADA) systems that control power plants are connected to the Internet and operated by humans, two notoriously insecure systems. A little social engineering, a pinch of malware, and voila -- Winkler had easy access to the prize inside the box.

Of course, any clown with a hacksaw can cut you off the grid, as was amply demonstrated earlier this week when vandals in Silicon Valley took down big chunks of the Net by gnawing through some fiber optic cables. But simply cutting off the power is probably the least of our concerns. It's the potential to knock out cooling systems for nuke plants (one of which now glows not 20 miles from where I sit) that worries me. I'm stocking up on lead-lined overalls, just in case. has a fun exercise where it steps you through a day in the life without power. Bottom line: Be sure to stock up on AA batteries, canned food, and deodorant.

Me, I think it's only a matter of time before somebody pulls the plug. It's like earthquakes in California or Tom Cruise on a talk show -- you know all hell will break loose eventually.

At that point, the folks who'll be running the show are those Guns-Gold-and-God Y2K wackos who invested their life savings in kerosene-powered generators and beef jerky. Think Road Warrior, only instead of gasoline the currency will be alternating current.

There's a pleasant thought for a Good Friday. I'm going to go hide Easter Eggs now -- and maybe start working on that underground bunker I've been planning to build.

Do power grid vulnerabilities worry you? Share your paranoia below or e-mail me direct:

Think you've got the right stuff to pass our tech quizzes? They're not as easy as they look:


Copyright © 2009 IDG Communications, Inc.