Admiral Mike McConnell, Former Chief of National Intelligence says that the US are extremely dependent on the power grid and that they are not prepared for cyber attacks that would jeopardize it. He also believes that US' enemies have the needed capabilities to carry out a sophisticated attack on the nation's power grid and to achieve a cascading effect that would bring the nation to a standstill.
"It is now clear this cyber threat is one [of] the most serious economic and national security challenges we face as a nation," president Obama has admitted in a recent speech, then added: "We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness."
He did not name the countries, but it is speculated that he meant Brazil, where a series of cyber attacks took place in the last 5 years and left cities and parts of the country cut off the power grid for a few days.
Jim Lewis, director of the Center for Strategic and International Studies, explains that these attacks were done by highly knowledgeable individuals that are part of organized crime gangs from all over the world. He even thinks that they could be trained Chinese soldiers.
The incident that spurred the US government into action was the theft of an enormous amount of information - terabytes, actually - after the Department of Defense, the Department of State, the Department of Commerce, and probably the Department of Energy and NASA had been breached by a (still unknown) foreign power.
This was the first big breach at national level, but it wasn't the last. It was soon followed by a intrusion into the CENTCOM network - the network that is used by the D.O.D. to coordinate all the actions taken in the two wars that America is currently fighting.
"They could see what the traffic was. They could read documents. They could interfere with things. It was like they were part of the American military command," says Lewis. He believes that behind it were foreign spies that used corrupted memory sticks and thumbnail drives to open a backdoor to the system.
It's not the fact that the US doesn't have the capabilities to reciprocate, but that it has more to lose in a cyber conflict. "We're the ones who've woven the Internet into our economy, into our national security, in ways that they haven't. So, we are more vulnerable," Lewis says.
Tied to this is also the problem of the power grid being regulated by private utilities, which are tested, but actually aren't obligated to comply to government security suggestions. Oil refineries, power plants, electric utilities - all vulnerable and all run for profit without giving security a lot of attention.
Another big problem are the "regular" cyber criminals - the ones that go after the money. Only this year over $100 million dollars have been stolen by breaching US banks' systems. In Virginia, a hacker tried to extort $10 million from the state after stealing and deleting millions of patients' prescription records from a medical database.
This is one of the things that makes Admiral McConnell worry about the integrity of America’s money supply. "Since banking is based on confidence, what happens when you destroy confidence?", he asks. We know that banking networks have been breached repeatedly. The question is - was malicious software left behind, hiding and waiting for the right moment to be put in motion? A top US intelligence official claims that it was.
The bad news in all of this is that the cyberspace enables allows concealment, so the attacks cannot always linked to the attacker. And if you can't prove who was behind it - how do you stop and prosecute them?
UPDATE: Brazilian blackout not caused by hackers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.