Texas electrical grid's operator says he is on watch for hackers

Published 9 April 2009

Bob Kahn, CEO of the Electric Reliability Council of Texas: “We are constantly modifying and upgrading our protections as technology advances, business requirements change and new threats emerge”

We wrote yesterday about how Russian and Chinese operatives managed to hack the U.S. electric grid and leave behind “sleeper” software which, at some point in the future, may be remotely activated to disrupt or shut down the grid (8 April 2009 HS Daily Wire). In Texas they are doing something about it. Houston Chronicle’s Tom Fowler writes that Texas’ electric grid operator constantly upgrades its computer security to protect against intrusion by hackers, its chairman said Wednesday following published reports that foreign “spies” have probed the nation’s power grid for vulnerabilities. “We are constantly modifying and upgrading our protections as technology advances, business requirements change and new threats emerge,” said Bob Kahn, CEO of the Electric Reliability Council of Texas, which operates the power grid that carries about 85 percent of the state’s electricity.

The Wall Street Journal reported that in a number of incidents in recent years, it appears operators in China, Russia, and other nations have tried to map out the U.S. power grid and hide software in systems where it might be used in the future. The story cited unnamed U.S. intelligence officials.

The notion of cyber attacks on government operations or public infrastructure is nothing new, said Christian Espinosa, director of research and development for EADS NA Defense Security & Systems Solutions, a San Antonio-based firm.

In the days leading up to Russia’s attacks on the Baltic state of Georgia last summer, Georgian communications systems were disrupted by Internet-based attacks, according to a number of reports at the time. Last year a Chinese computer system called GhostNet was reported to have infiltrated hundreds of computers in the United States and other countries, allegedly to seek information about the Dalai Lama. “The Chinese and the Russians have their hands on just about everything over here,” Espinosa said. “It’s not a surprise to the security community.”

The most common kind of security threat comes from bots, small programs that are installed surreptitiously on computers when a user opens an e-mail with the file attached or visits a Web site containing such a program. Espinosa says once a bot is installed in a system it can send out messages, even steady streams of data, to other bots or to a centralized source providing all types of information about the system it is on. “Companies and governments have become much better at closing themselves off from outside attacks but are lax in preventing information from going out,” he said.

In the instances where Chinese officials were accused of spying on the Dalai Lama, e-mails were sent to his organization disguised as messages from groups that support independence for Tibet - of which the Dalai Lama is spiritual leader. Hackers have also spread bots by sending out messages or creating Web sites that claim to have information about a popular topic or celebrity, Espinosa said.

The power grid may be vulnerable to attacks in part because many grids are controlled using software that tends to be older, more customized and thus more slowly upgraded to handle new security threats, Espinosa said.

Development of “smart grid” technology, where digital meters and other equipment that use wireless communications are installed on homes and at substations and other points on a grid, is also creating new points of possible disruption.

According to a report issued in January by the Department of Energy’s electricity advisory committee on smart grid technology, such systems can bring many benefits to grid operators but “can bring their own cyber security concerns, which will require comprehensive, built-in security during implementation” (see “Smart Grid Vulnerable to Hackers,” 23 March 2009 HS Daily Wire).

The issue of cyber security hasn’t been lost on operators of the U.S. power grid. The North American Electric Reliability Corp. (NERC), which sets standards and enforces electric grid reliability and security throughout the United States, established a series of technical specifications and practices to address cyber threats. “Though we are not aware of any reports of cyber attacks that have directly impacted reliability of the power system in North America to date, it is an issue the industry is working to stay ahead of,” the corporation said in a statement Wednesday. In a letter also released this week, the group’s chief security officer, Michael Assante, warned that some grid operators may not be addressing the threat properly and are relying on outdated ways of thinking about system vulnerabilities. Responses from a survey of grid operators “suggest entities may not have taken such a comprehensive approach in all cases, and instead relied on an ‘add in’ approach, starting with an assumption that no assets are critical,” Assante wrote. “A ‘rule out’ approach (assuming every asset is critical until demonstrated otherwise) may be better suited to this identification process.”