Can hackers disable the U.S. power grid? This issue, which has been debated for years in the security community, is once again in the news after a segment on cybersecurity on CBS’ 60 Minutes Sunday night, which reports that hackers disabled parts of the power grid in Brazil in 2005 and 2007. The CIA first discussed these events in early 2008, but without divulging the identity of the foreign country that was affected.
Much of the recent discussion about the security of the power grid has been influenced by a proof-of-concept attack released in September 2007 in which the Department of Homeland Security used an electronic attack to destroy a large diesel generator, apparently by altering the engine’s operating cycle and causing it to malfunction. It was part of an experiment named “Aurora” conducted in March 2007 at the Department of Energy’s Idaho lab. A video shows the generator begin to shake and shutter as bolts are sheared off, after which clouds of white and black smoke shoot forth from the engine. The Aurora video was featured in the 60 Minutes report Sunday night.
The notion that such an attack could be launched electronically was unsettling for data center operators, as most mission-critical facilities have banks of large diesel generators on site to provide back-up power in the event of a grid outage.
Security issues for power control systems known as SCADA (Supervisory Control and Data Acquisition) have been a concern for a number of years, and the level of risk posed by attacks on SCADA has been debated within the security community. The government has been studying the risk posed by SCADA hackers for years at its Idaho National Laboratory and Center for SCADA security at Sandia Labs.
The Aurora demonstration was greeted skeptically by some security professionals in a discussion at Bruce Schneier’s blog after the incident was first reported by CNN. SANS noted in 2008 that it “rarely hear(s) about intrusions into the PCS/SCADA community” but has responded with a call for data, offering privacy and anonymity to any parties that can provide details on an incident.
The 60 Minutes report also examines the risk of foreign hackers infiltrating military and financial networks, and reports that the U.S. Central Command network was penetrated. This incident is mentioned in a document from the Center for Strategic and International Studies, a source for the CBS report.”Classified networks at DOD and CENTCOM were hacked by unknown foreign intruders” in November 2008, according to the CSIS chronology. “Even worse, it took several days to dislodge the intruders and resecure the networks.”