Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Architecture

U.S. Utilities Face Constant Barrage of Attacks

On Tuesday, during the House’s Energy and Commerce Committee’s cybersecurity hearing, Representatives Henry Waxman and Ed Markey released a report detailing the risks faced by the nation’s power grid. According to responses sent to the lawmakers, the situation is as bad as expected, and could get worse unless changes are made.

On Tuesday, during the House’s Energy and Commerce Committee’s cybersecurity hearing, Representatives Henry Waxman and Ed Markey released a report detailing the risks faced by the nation’s power grid. According to responses sent to the lawmakers, the situation is as bad as expected, and could get worse unless changes are made.

Earlier this year, the two Democratic lawmakers sent questions to 160 utilities, which asked them to describe their cybersecurity strategies and their experiences over the last five years when it came to dealing with security threats.

When answering questions about various cyber attacks, it was revealed that more than a dozen reported daily, constant, or frequent attempted attacks. The attacks range in severity, from unfriendly probes of the network, to Phishing, and malware infection. One utility reported that it was the target of some 100,000 attacks each month. Further, a Northeastern power company said that it was under a constant state of attack from malware and entities seeking to gain access to internal systems.

In the Midwest, another power company said that it was “subject to ongoing malicious cyber and physical activity. For example, we see probes on our network to look for vulnerabilities in our systems and applications on a daily basis. Much of this activity is automated and dynamic in nature – able to adapt to what is discovered during its probing process.”

Additional responses led the lawmakers to inform the committee that warnings issued to President Obama about the threats to the power grid are real, and the proof is clearly seen in the messages from the network administrators themselves. Additionally, the responses also show that most utilities only comply with the cybersecurity standards that are mandated by law, leaving the standards that are voluntary on the sidelines – thus increasing the likelihood of a successful attack.

“National security experts say that cyber attacks on America’s electric grid top the target list for terrorists and rogue states, yet we remain highly vulnerable to attacks,” said Rep. Markey in a statement.

Adding to that, Rep. Waxman said; “The utility responses are sobering. They reveal serious gaps in the security of our electric grid and Congress needs to address these gaps in a bipartisan way.”

The full report is available online

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Security Architecture

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption

Security Architecture

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.