
Hacked or hyped?: Have foreign cyber spies infiltrated the U.S. electricity grid?

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American




The Wall Street Journal, citing unnamed current and former national security officials, reports that spies from China, Russia and other countries have hacked into the U.S. electricity grid and installed software that could cause mass outages. According to these same officials, the foreign agents have not sabotaged the grid (yet), but rather want to “map our infrastructure” for possible exploitation in case of a future war.

Sound a bit cloak and dagger?

“It’s all hype and it’s fear-mongering,” says Bruce Schneier, a security technologist who writes a blog and is chief of security at BT, a U.K.-based communications services company. He says odds are those countries have mapped U.S. power grids just as the U.S. has no doubt mapped theirs—but that it's sort of business as usual rather than cause for concern.

“It feels like that story [in the WSJ] was planted by somebody,” Schneier says, speculating that the source might just be “some agency posturing for funding” as Congress debates the fiscal year 2010 budget. Plus, the article does not specify the parts of the U.S. grid that foreign governmental agents have allegedly penetrated. “Is it plant computer systems? Substations? Routers? Employee e-mail accounts? Who knows?” asks BNET Energy.

Nevertheless, there's no question the nation's energy grid could be the target of a cyber attack, Schneier says. But he notes that it's no more vulnerable than most other computer systems.

“I am worried about electric grid security, but more about random accidents than about bad guys,” Schneier says, pointing to the 2003 blackout when 50 million people in the Northeastern U.S. lost power due to a cascade of failures traced back to sagging power lines in Ohio brushing against some overgrown trees.

The dilapidated state of the electrical grid in the U.S. has drawn a lot of attention in the early months of Barack Obama’s presidency. His administration wants to build a smarter electrical grid that will track and compensate for power disruptions in real time and allow customers to better monitor their own (at times, profligate) energy consumption. Making the domestic power grid smarter will mean tying it to more computers, potentially leaving the whole infrastructure at greater risk, Schneier says, adding, however, that “if done well, a smart grid could be more reliable and safer” than today’s system.

This will not be easy. “The North American electric power system grid might be the most complex machine ever built,” says Massoud Amin, professor of electrical and computer engineering at the University of Minnesota and an expert on electrical grid security.

Schneier says, however, that “there’s actually some security in being a hulking relic of technology,” noting that modern computers with complex, porous operating systems, such as Windows, are more vulnerable to the malicious code that cyber malefactors cook up—to wit, the pervasive Conficker virus that has infected some 15 million computers since November.

Cyber criminals have in fact targeted electrical grids before, Schneier says. In January 2008, CIA analyst Tom Donahue disclosed that extortionists had hacked into utilities outside the U.S. and had triggered a blackout affecting several cities. But Schneier is skeptical because many details of the particular case remain unconfirmed.

Schneier says that power company insiders remain a much bigger threat than espionage-bent countries. In perhaps the most famous example, a disgruntled man named Vitek Boden hacked into a sewage treatment plant in Maroochy Shire in eastern Australia in 2000. He triggered the release of hundreds of thousands of gallons (millions of liters) of raw sewage into parks and rivers—all because the facility wouldn’t hire him. Investigators who tracked the incident to Boden discovered that his laptop's “hard drive contained software for accessing and controlling the sewage management system,” according to The Register, an online U.K.-based technology newspaper.  

Computer hacking, of course, is as old as the computer itself, and the electrical grid is far from the only major element of modern interconnected society that faces threats borne over the Internet. (Even the world's biggest particle accelerator isn't immune: some cyberpunks jacked into the Large Hadron Collider in September.)

The U.S. military, for instance, says that its information grid gets probed and even attacked millions of times a day, according to CBS News. Pentagon officials say they have spent $100 million in the past six months fighting cyber attacks and fixing network problems.

"The important thing is that we recognize that we are under assault from the least sophisticated—the bored teenager—all the way up to the sophisticated nation-state, with some pretty criminal elements sandwiched in-between," Air Force Gen. Kevin Chilton, head of U.S. Strategic Command, told CBS News.

Image Credit: iStockphoto / Pinopic