The Wall Street Journal is reporting that there are spies in the grid and hackers, too. Lions, and Tigers, and Bears, Oh My!
But really, we already knew this, and the fact that the WSJ and other mainstream media are beginning to report and ask the questions more intelligently is a big win.
Here's the lede from the article:
Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.
The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.
"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."
The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."
So, let's ask ourselves, what does this mean for the technology we are all rushing to implement for Smart Grid?
When people like Michael Assante, CSO of NERC can write, as he did recently, that the electric utilities aren't even properly classifying their plants and substations as critical assets, then "Houston, we have a problem."
Here's what Assante said in reporting on the critical asset survey just conducted by NERC: "Closer analysis of the data, however, suggests that certain qualifying assets may not have been identified as “Critical.” Of particular concern are qualifying assets owned and operated by Generation Owners and Generation Operators, only 29 percent of which reported identifying at least one CA, and Transmission Owners, fewer than 63 percent of which identified at least one CA."
Maybe it is time to stop pillorying people like the CIA's Tom Donohue and realize that there actually is a significant "clear and present danger" of risk to our electric grid as it is currently configured, and ask ourselves if a race to install even more IEDs without clearly designing a functional security system that is grid-wise and grid-wide is the right thing to do.