U.S. Power Grid Compromised by Cyberspies

By David Worthington | Wednesday, April 8, 2009 at 9:19 pm

Foreign intelligence agents critically infiltrated systems that operate critical U.S. infrastructure, and left behind malicious software that could disrupt and endanger the day-to-day lives of Americans, the Wall Street Journal reports.

The paper cites anonymous current and former U.S. intelligence officials in its report. The spies are reported to have been agents of China, Russia, and various unnamed other countries. The officials said that the intruders was a mission to map the U.S. electrical grid and other critical infrastructure, and to cultivate the capability to disrupt that infrastructure during a crisis. I’m certainly not surprised, and U.S. agents have probably done the same thing to other countries.

In my reporting for SD Times, I have spoken with companies that develop software according to the US National Security Agency’s Common Criteria Evaluation Assurance Level (EAL) program. EAL is an initiative operated by the National Security Agency to help industry create secure software, and classify existing software. The program is a relatively new public initiative that was born out of the “orange book,” the U.S. military’s once closely guarded guidelines for software security.

To date, only Green Hills Software, a company that develops a specialized operating system called Integrity, has received an acceptably high score on the EAL to address the problem. The NSA is also sponsoring secure programming classes at public universities.

Why is the NSA involving itself in the private sector, you may ask? It needs help. In a recent interview, Rex Black, president of Rex Black Consulting Services, explained to be how software engineers are essentially playing a game of multidimensional chess against hackers.

Black said that a big part of the problem is that modern operating systems (and that includes open-source ones) are constantly evolving and contain tens of millions of lines of code. It is only a matter of time until a defect slips by and is discovered by cybercriminals–or spies – even when the best development practices are followed.

And the technological environment in which an operating system exists is constantly in flux, making it nearly impossible to foresee threats that do not presently exist, but might exist in the future, Black said.

People involved with the EAL effort have told me just how poor the state of infrastructure security is. But fear not, in my research, security industry executives and an NSA official have assured me that President Obama “gets it.”

The reality is that there is an infrastructure crisis, and the WSJ’s hacking report, while troubling, is only a symptom of what ails us. The American Society of Civil Engineers has spent much of the past decade grading the nation’s infrastructure, only to be ignored.

This year, the engineers give the U.S. an overall grade of a D, and estimate that it will take an investment of several trillion dollars to bring states up to code. The stimulus package only goes a small way toward meeting those needs.

It’s time for the U.S to get serious about infrastructure, and yes, it costs money to do these things. That could even require –gasp~-a tax hike to pay for our safety. The work needs to be done, and is long overdue.

7 Comments

Read more: Security

6 Comments For This Post

tom b Says:
April 9th, 2009 at 7:52 am

The Chinese are NOT our allies. Look what they did to Tibet. They’d do the same thing to us in an instant, if there were profit in it. But, for now, they just smile and sell us lead-contaminated trinkets while stealing our jobs and manipulating their currency.

David Worthington Says:
April 9th, 2009 at 8:05 am

tom, they are not our allies, but they have been our banker since the early 2000’s. 🙂

JDoors Says:
April 9th, 2009 at 11:10 am

“This year, the [American Society of Civil Engineers] … estimate that it will take an investment of several trillion dollars to bring states up to code. The stimulus package only goes a small way toward meeting those needs.

Oh hey, what’s another several trillion dollars of debt if it’ll protect us during some imaginary threat? We COULD do this to other nations, they could do it to us, but under what possible scenario would it make sense for any of the largest nations to cripple another?

Who says time travel isn’t possible? I feel like I’ve been transported back to the fifties: “Big scary nation threatens the foundation of our society!”

Should it be fixed? Of course. Should it be a priority? No.

Super_Man Says:
April 9th, 2009 at 12:29 pm

Overall grade of a D, maybe the U.S. needs to hit the books a little harder. This could potentially be devastating. I wonder who is behind the attacks, I was reading that there is reason to believe it is the chinese. “I think that China recognises if in a very strategic sense you want to ensure you have the ability to exploit another country’s potential weakness or vulnerability, but do it in a way that isn’t confrontational …this is a very good way of doing that.” http://www.newsy.com/videos/u_s_power_grid_hacked/ had a pretty solid video about the whole ordeal. Regardless, we need to take action now, and we need to start being more proactive about issues instead of waiting for problems to arise and then try to tackle them.

David Worthington Says:
April 9th, 2009 at 1:28 pm

@JDoors How clean is the drinking water that you consume each day, and how safe is the bridge that you drive over?

Hollie Powell Says:
May 1st, 2010 at 6:58 am

I think that the stimulus package have helped a lot in restoring the economy. right now we can see some improvements in the economy. right now we can see some improvements in the eco..’

1 Trackbacks For This Post

Obama’s Cybersecurity Initivate a Step in the Right Direction | Technologizer Says:
May 29th, 2009 at 5:39 pm

[…] April, I wrote “Obama gets it,” in an article about how critical U.S.infrastructure was vulnerable to damage and disruption. While some of the details haven’t been shared yet, the initiative […]

tom b Says:
April 9th, 2009 at 7:52 am
The Chinese are NOT our allies. Look what they did to Tibet. They’d do the same thing to us in an instant, if there were profit in it. But, for now, they just smile and sell us lead-contaminated trinkets while stealing our jobs and manipulating their currency.
David Worthington Says:
April 9th, 2009 at 8:05 am
tom, they are not our allies, but they have been our banker since the early 2000’s. 🙂
JDoors Says:
April 9th, 2009 at 11:10 am
“This year, the [American Society of Civil Engineers] … estimate that it will take an investment of several trillion dollars to bring states up to code. The stimulus package only goes a small way toward meeting those needs.

It’s time for the U.S to get serious about infrastructure, and yes, it costs money to do these things. That could even require –gasp~-a tax hike to pay for our safety. The work needs to be done, and is long overdue.”

Oh hey, what’s another several trillion dollars of debt if it’ll protect us during some imaginary threat? We COULD do this to other nations, they could do it to us, but under what possible scenario would it make sense for any of the largest nations to cripple another?

Who says time travel isn’t possible? I feel like I’ve been transported back to the fifties: “Big scary nation threatens the foundation of our society!”

Should it be fixed? Of course. Should it be a priority? No.
Super_Man Says:
April 9th, 2009 at 12:29 pm
Overall grade of a D, maybe the U.S. needs to hit the books a little harder. This could potentially be devastating. I wonder who is behind the attacks, I was reading that there is reason to believe it is the chinese. “I think that China recognises if in a very strategic sense you want to ensure you have the ability to exploit another country’s potential weakness or vulnerability, but do it in a way that isn’t confrontational …this is a very good way of doing that.” http://www.newsy.com/videos/u_s_power_grid_hacked/ had a pretty solid video about the whole ordeal. Regardless, we need to take action now, and we need to start being more proactive about issues instead of waiting for problems to arise and then try to tackle them.
David Worthington Says:
April 9th, 2009 at 1:28 pm
@JDoors How clean is the drinking water that you consume each day, and how safe is the bridge that you drive over?
Hollie Powell Says:
May 1st, 2010 at 6:58 am
I think that the stimulus package have helped a lot in restoring the economy. right now we can see some improvements in the economy. right now we can see some improvements in the eco..’

Obama’s Cybersecurity Initivate a Step in the Right Direction | Technologizer Says:
May 29th, 2009 at 5:39 pm
[…] April, I wrote “Obama gets it,” in an article about how critical U.S.infrastructure was vulnerable to damage and disruption. While some of the details haven’t been shared yet, the initiative […]

The Weird History of Windows
Laptopia: Twenty-One Totally Bizarre Laptops
Fifteen Classic Game Console Design Mistakes
The Thirteen Greatest Error Messages of All Time
When the Muppets Worked for IBM
Tech Products That Were Brilliant. And Doomed
The Legend of the Legend of Zelda
15 Breakthrough Products That Went Absolutely Nowhere
The 25 Most Notable Quotes in Tech History
How 1940s Whiskey Ads Predicted the Future
The Great Operating System Games
The Weird Secret Origin of Tech's Favorite Insult

Technologizer by Harry McCracken