Thursday, April 09, 2009

Analysis of Report on Power Grid Intrusions

After publishing a post on The Wall Street Journal article concerning intrusions into the US electrical grid, I re-read the report and noticed a discrepancy in comments by various "government officials". The story first states (I've added the emphasis):
"The intruders haven't sought to damage the power grid or other key infrastructure..."
but then reports that:
"Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."
The article goes on to state:
"Officials cautioned that the motivation of the cyberspies wasn't well understood, and they don't see an immediate danger. China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt."

With the caveat that the article provides no real data to perform an accurate risk assessment, these statements, as reported, are worrying to say the least. If software really has been planted that can "destroy infrastructure components" then my professional opinion is that:
  1. Damage has occurred - If a system is penetrated to the extent that software has been installed that disrupts operations, the system has been damaged. The integrity and operational capacity of the system is compromised. In a large complex network, it is very difficult to regain control when this level of compromise has taken place.

  2. There is immediate danger - As long as systems are compromised with malicious software, the motive of the intruders is unclear and the vulnerabilities and entry points of the intruders remain, then there is an immediate danger. The companies owning these systems are not in control.

U.S. Electrical Grid Intrusions

No comments: