New Breed Of Hacker Targeting The Smart Grid

In recent months, U.S. utilities, manufacturers and technology firms received $3.4 billion as part of the economic stimulus package. These funds have been allocated to help modernize the country's electric power system and increase energy efficiency. However, as these "smart-grid" grants continue to be awarded, questions are being raised about how to safeguard smart meters and other critical infrastructure from cyber attacks. SCADA systems, which have been in place for years, are increasingly subject to cyber attacks, as many are built around legacy technologies with weaker protocols that are inherently more vulnerable. In addition, these systems and their underlying networks have increasingly been interconnected to improve access to management and operational data. Since 2000, the number of successful cyber attacks has increased tenfold against SCADA systems at power generation, petroleum production and nuclear plants and water treatment facilities. In fact, the North American Electric Reliability Corporation (NERC) announced the week of April 5, 2010, that an electric utility in Texas had been attacked from Internet address ranges outside of the US. We are aware of numerous other attacks against electric and gas utilities which have not been widely publicized. For example, to get into a utility's network, a hacker could potentially go to work for a business that sells products or services to a company, which would allow them to have regular e-mail communications with the company's procurement office. Once the hacker has established a trusted business relationship with the procurement office, they could send an email with advanced malware or a Trojan horse. This will allow them to create a virtual tunnel from the hacker's computer directly to the procurement office employee's computer behind the company firewall. At that point, the hacker can access the company's network without being detected, and use this system as a launch point for further attacks.