Reports Of Spies Penetrating US Power Grid Greatly Exaggerated

April 09, 2009 by Jeff Shepard

Numerous media outlets are reporting on speculation that "cyber-spies" from other countries, particularly Russia and China, may have hacked into the United States’ electric power grid, raising concerns over the vulnerability of the U.S. energy infrastructure to cyber attacks.

The Wall Street Journal issued the initial report, quoting former and current national security officials, who suggested that the hackers hadn’t done any damage as of yet, but that they had left behind software programs that could be used to disrupt the system, especially in a time of crisis or war. Security concerns are becoming more prominent as utilities use more Internet-based communications and software to control the grid through smart-grid technology.

U.S. Homeland Security Secretary Janet Napolitano admitted to reporters that the power grid is vulnerable to computer attacks, but declined to comment on reports that an intrusion had already taken place.

Nonetheless, Professor Bruce F. Wollenberg of the Electrical and Computer Engineering Department at the University of Minnesota has offered the following comments to PowerPulse, suggesting that the reports' focus on the dangers to the grid is greatly exaggerated.

"There have been reports about power control computer security failures for years. The trouble with hacking into a computer system is that it only gets you inside that computer where you could possibly shut down or disrupt that computer. From my experience, shutting down a computer does not immediately result in actions that bring danger to the power system. To do anything to the power system itself you need to know how the SCADA system software and the associated database operate. Then you need to know how to identify specific power system components in that database.

"Finally, you would need to know which breakers to open to cause a major disruption, or which control signal to send to lower a generator output, etc. You literally have to reverse engineer the power system’s or ISO’s computer system and much of its software, and then you need to know enough detail about the power system being operated to do anything significant. This has not been done to my knowledge."