Power utilities claim 'daily' and 'constant' cyberattacks, says report
A report out of Congress outlines the increased hacks on power grid computer systems, noting that one utility faces 10,000 attempted cyberattacks per month.
Power utilities in the U.S. are under daily cyberattacks, according to report released Tuesday by members of Congress.
Of about 160 utilities surveyed in the 35-page report (PDF), more than a dozen reported "daily," "constant," or "frequent" attempted cyberattacks on their computer systems.
"Grid operations and control systems are increasingly automated, incorporate two-way communications, and are connected to the Internet or other computer networks," the report said. "While these improvements have allowed for critical modernization of the grid, this increased interconnectivity has made the grid more vulnerable to remote cyber attacks."
U.S. lawmakers have been ramping up attention over the past few months about to the need to protect the country's power grid from hackers. If power utilities, water infrastructure, or transportation networks were taken down in a cyberattack, the country's day-to-day operations could be crippled.
According to the report, power disturbances and outages already have major economic ramifications. Currently, power failures are estimated to cost the U.S. between $119 billion and $188 billion per year.
In January, the head of Homeland Security Janet Napolitano announced that she believed a "cyber 9/11" could happen "imminently." Leon Panetta echoed these words during his first major policy speech on cybersecurity last October when he still served as secretary of defense, asserting that the U.S. is facing the possibility of a "cyber-Pearl Harbor" perpetrated by foreign hackers.
The power utilities surveyed in Tuesday's report -- compiled by the offices of U.S. Reps. Ed Markey (D-Mass.) and Henry Waxman (D-Calif.) -- said that the cyberattacks come from phishing, malware infection, and un-friendly probes. One utility said it receives about 10,000 attempted cyberattacks every month, while another said it was under a "constant state of 'attack' from malware and entities seeking to gain access to internal systems."
While the data in the report sounds alarming, none of the utilities reported any damage to their facilities or actual breaches of their systems. In fact, most respondents said the incidents did not even rise to "reportable levels."
According to Reuters, many of the utility companies said that the report was "overblown" and that their systems were well protected under standards set up by the North American Electric Reliability Corp. (NERC).
"The majority of those attacks, while large in number, are the same attacks that every business receives" Arkansas Electric Cooperative Corp. Chief Executive Duane Highley said, according to Reuters. "Those are very routine kinds of attacks and we know very well how to protect against those...Our control systems are not vulnerable to attack."
It's unclear if any legislative action will result from the report. Last year and again this year, the U.S. House of Representatives passed a cybersecurity bill, CISPA, which would let the government share data with private companies, such as power utilities. The bill has not passed the Senate, and President Obama has threatened a veto, saying the legislation does not adequately protect Americans' privacy.
Correction at 6:15 a.m PT May 22: Leon Panetta's title has been fixed.