Cyber attacks surging on U.S. power grid, worrying utilities

Like electronic termites — some domestic, some exotics from foreign lands — cyber hackers are trying to penetrate America's power grids. In 1997, Kansas City Power & Light saw about 10,000 such "events" each month. Now it's 10 to 20 every second.

"It's one of those things that we never want to take for granted," said Michael Deggendorf, a KCP&L vice president.

That the nation's utilities do not take it for granted would seem to be proven by the lights being on at this moment.

But The Wall Street Journal reported Wednesday that cyber hackers in China, Russia and other countries have not only penetrated the U.S. grids, but left behind mechanisms that could enable them to disrupt service during a crisis.

Security and military expert John E. Pike wasn’t shocked that the nation’s power grid — a patchwork built by private and public interests — would be vulnerable.

“In China, buildings and entire towns are full of computer hackers trying to break into American computers.

“It’s mostly industrial espionage — from a developing country trying to steal the good stuff.

“We’ve got all these private companies in the energy sector making sure their grids can’t be messed with by 13-year-old hackers, or that the Mafia isn’t getting into their billing systems,” said Pike, director of the think tank.

Most, however, “probably aren’t focused on protecting themselves from Chinese intelligence.”

Or blackmailers.

CIA analyst Tom Donahue last year told utility engineers at a conference how hackers demanded payments from utilities abroad before disrupting power — once turning off the lights in multiple cities.

The issue of warding off widespread blackouts has become ever more crucial since Sept. 11. Even with backup generating systems at hospitals, military bases and other essential facilities, experts can only speculate about the degree to which grid hackers could cripple the nation during a war.

Experts note that financial institutions, communications and even water systems could be hit by hackers.

The report in The Journal said foreign intruders had not yet sought to damage the nation’s electric grid, but with the software bugs left behind, they could try in a conflict or some other crisis.

Government officials did not comment on The Journal report, although congressional and intelligence officials have warned of vulnerability. Reportedly, Congress approved $17 billion in secret funding to harden government networks.

Stewart Baker, former assistant secretary at the Department of Homeland Security, said Wednesday that electric grids have been hacked for years, and that he would not be surprised if China, Russia and other countries had taken part.

“What I think we’re seeing, as time goes on, is much more careful, much more intentional planned intrusions that have gone beyond hacking into (seeing) what can be found,” said Baker, now at the Center for Strategic and International Studies. “The intruders are carrying out comprehensive surveillance with a view to actually taking action.”

The Journal article said no region or company appeared to be singled out, and that Russian and Chinese officials denied any involvement.

The New York Times recently reported that Canadian researchers uncovered a vast spy network — dubbed GhostNet — that compromised nearly 1,300 computers across much of the globe, including many U.S. systems. The researchers traced it back to China, known as a hacker hotbed, but did not accuse the Beijing government.

At Black & Veatch Corp. in Overland Park, cybersecurity expert Steve Stolze said tougher federal standards were to be fully implemented by the electric industry by the end of June. Those standards include hardening of information systems and keeping track of any attempted intrusions.

“There is definitely more to be done,” said the North American Electric Reliability Corp., an international regulatory group that develops and enforces industry standards.

KCP&L has had a cybersecurity unit for a decade.

Westar Energy Inc. also had seen such attempts from within and outside the country and was “doing all the things we need to do to keep the bad guys out,” said John Fitzgerald, vice president.

Similarly, the Southwest Power Pool in Little Rock, Ark., which oversees the area grid, said it has had no intrusions and has a robust security system, including automated response alerts.

Pike isn’t sure how much we should be worried.

“I haven’t quite figured out what a hostile attack on our electric grid would look like. If the power goes out, these companies do what they always do — they throw the reset switch or go to backup systems. It happens after every electrical storm.”

But part of the threat is rooted in how modern industries, such as refineries and pipelines, monitor operations through automation and the Internet.

There is more safety if everything is contained at one facility, said Rice University computer scientist Dan Wallach. “But how do you monitor your field gear when it’s scattered all over, like at an electric substation? Can you keep the bad guys out of these automated monitoring systems?”