U.S. Utilities Under Constant Threat of Targeted Attacks

Last month the House Energy and Commerce Committee held a cybersecurity hearing where a new report was issued on cyber-threats against the nation's power grid.

The findings of the report were a wake-up call for the utilities industry. In a survey of 160 utilities, more than a dozen reported daily, constant, or frequent attempted cyber-attacks. One utility reported that it is targeted more than 100,000 times each month and the attacks range from "unfriendly" probes of the network to phishing attempts.

Another utility reported that many of these attacks are automated and highly dynamic in nature, where threats "adapt to what is discovered during its probing process."

Lawmakers noted that there has not yet been a significant breach of the power grid or other key infrastructure. Yet this report reinforces that it is only a matter of time before a significant breach occurs.

Earlier this year, we released our APT1 Report and along with other digital evidence, it confirmed that a group of hackers in China were gaining access into American corporations, organizations and government agencies. It was also noted there was a focus on companies involved in the critical infrastructure including electrical power grid, gas lines and waterworks in the U.S.

When Mandiant released the report in February, The New York Times reported that, "one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America. The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases."

Representative Henry Waxman stated during the hearings last week that, "The utility responses are sobering. They reveal serious gaps in the security of our electric grid and Congress needs to address these gaps in a bipartisan way."