Robert McMillan writes that CIA Says Hackers Have Cut Power Grid
Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.
Speaking at a conference of security professionals on Wednesday, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.
Criminals have launched online attacks that disrupted power equipment in several regions outside of the U.S., he said, without identifying the countries affected. The goal of the attacks was extortion, he said.
This doesn’t surprise me but it does perplex me that companies create systems whereby major power grid equipment can be accessed via the internet.
By making anything accessible over the internet you have created a vulnerability because no matter the security systems put in place there is now a chance that criminals will be able to gain access. Even if the technology securing access is perfect (and it is almost impossible to verify whether it is totally secure as new bugs come to light all the time) then there is the avenue of social engineering where a person with access privileges is compromised by the criminals and gives out the required information to access the system.
