WASHINGTON/BOSTON (Reuters) - Several power utilities say they face a barrage of cyber attacks on their critical systems, a report by two Democratic lawmakers found echoing warnings from the Obama administration that foreign hackers were trying to bring down the U.S. power grid.
California Representative Henry Waxman released the report, co-authored with Massachusetts Representative Ed Markey, at the House Energy and Commerce Committee’s cybersecurity hearing on Tuesday.
The pair asked some 160 utilities to describe their experiences fighting cyber attacks over the past five years. In response, more than a dozen said they experienced daily, constant or frequent attempted cyber attacks, according to a 35-page report summarizing their responses.
(To read the report, see r.reuters.com/sej38t)
But utilities termed the report as overblown, saying their systems were adequately protected through mandatory standards set by the North American Electric Reliability Corp (NERC) that ensure separation of control systems and consumer-facing or administrative networks.
“The majority of those attacks, while large in number, are the same attacks that every business receives” through web-connected networks, Arkansas Electric Cooperative Corporation Chief Executive Duane Highley told the hearing.
“Those are very routine kinds of attacks and we know very well how to protect against those...Our control systems are not vulnerable to attack,” he told Reuters after the hearing, saying current NERC standards make it illegal to interconnect the public-facing networks and the control centers.
But many lawmakers echoed some senior White House officials in expressing fear that while they do not know of any successful attack on the power grid, hackers may have that ability.
Senior Obama administration officials began warning late last year that foreign enemies are looking to sabotage the U.S. power grid, air traffic control systems, financial institutions and other infrastructure.
Last week, NERC Chief Executive Officer Gerry Cauley told the Reuters Cybersecurity Summit that there has never been a destructive cyber attack on the grid, mostly probes and spying malicious software and that he worried more about physical attacks on the power grid than cyber ones.
Tuesday’s report cited an unidentified Northeastern power provider as saying it was under constant attack from cyber criminals as well as activist groups who have been targeting firms in the energy sector over the past few years.
A power provider from the Midwest said it experienced daily probes of its systems: “Much of this activity is automated and dynamic in nature, able to adapt to what is discovered during its probing process,” the company said.
Markey is running for U.S. Senate in Massachusetts against Republican Gabriel Gomez, seeking the seat vacated by John Kerry, now U.S. Secretary of State.
This year, the House has also passed a cybersecurity bill meant to ease the sharing of data between the government and the private sector, despite the threat of veto by President Barack Obama over privacy concerns. The Senate is working on its own version of the bill.
Highley welcomed the work toward an industry-led solution and better communication with the government, but pleaded with the legislators that “NERC has it covered. Please don’t mess up.”
“We’re all about reliability. We don’t want to have lights going out anymore than anybody else does,” he told Reuters.
Reporting by Jim Finkle in Boston and Alina Selyukh in Washington; Editing by Ros Krasny, Phil Berlowitz and Leslie Gevirtz