Cyberattacks and US Utility Vulnerability

On the heels of the recent Canadian report on the cyber espionage network named Ghostnet (E-TIPS®, Vol 7, No 20, "Ghostnet Electronic Spying Links Canada, China and Tibet", April 8, 2009), a key US non-governmental agency has asserted that electric utilities need to guard against the dangers of "simultaneous manipulation" of computers within utility substations and the possible effect on the US power grid. North American Electric Reliability Corp (NERC) is a government-authorized but industry-run regulatory organization established with the mandate of ensuring electricity reliability in the US. A current initiative of NERC is to ensure that companies identify their vulnerabilities to cyber-warfare attack. According to news reports, US government officials believe that private industry, which controls most US electrical utilities, has taken insufficient measures to defend itself against cyber-attacks. NERC believes that an intelligent cyber-attack which could compromise "multiple assets at once, and from a distance" is a credible threat to US utilities and that more protection is needed. NERC did not give its opinion from where threats to US cyber-security may originate nor indicate from where the recent intelligence was acquired, but other commentators have suggested that utility threats may have come from Russia and, like Ghostnet, from China. For an article from the Washington Post, see: http://tinyurl.com/czfdla Summary by: Oren Weichenberg