Yesterday’s well reported article in The New York Times by David Sanger, David Barboza and Nicole Perlroth about the Chinese army unit that is hacking both government and corporate American interests is sure to raise questions related to the smart grid. The article is largely based on a report by American computer security firm Mandiant and points to corporate security breaches at companies ranging from Coca-Cola to oil pipeline software provider Telvent. Describing the group of state sponsored hackers dubbed Unit 61398, the authors write:
“Mandiant has watched the group as it has stolen technology blueprints, manufacturing processes, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of its clients, mostly in the United States. Mandiant identified attacks on 20 industries, from military contractors to chemical plants, mining companies and satellite and telecommunications corporations.”
The article continues to where all roads lead, which is the electrical grid and the possibility that a foreign enemy could take out the electrical grid, crippling the U.S.
“What most worries American investigators is that the latest set of attacks believed coming from Unit 61398 focus not just on stealing information, but obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities.”
In fact, in the immediate hours after the 2003 Northeast blackout many experts immediately assumed it was a terrorist attack, but one done by physically taking out the grid. Clearly now a virtual, software based attack is most possible.
Much of the software concerns about the smart grid have been directed at privacy, but expect the bulk of the pressure now to focus on security. I’d expect more regulatory and compliance measures in the future, as well as the possibility that big name security firms like RSA could get access to the utilities as hot new customers.