Malware Infections Lurk in U.S. Electricity Grid, WSJ reports

The U.S. electricity grid is infected with malware from China and Russia, according to a report from the Wall Street Journal.

The article from Siobhan Gorman cites unnamed officials from the intelligence community and Department of Homeland Security as saying the unidentified intruders haven't yet harmed anything, but have "software tools" in place that could be used to disrupt the system.

The report says the malware traces back to China, Russia and elsewhere, but notes that "It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace." There are not yet details on just what kind of malware was installed on the systems, or what the systems were.

Scary stuff, as many security experts and others have warned of the need to protect vulnerable infrastructure. The news highlights the major security risk posed to any system that is accessible via the Internet. I'd suggest we might consider a new variety of Murphy's Law: "If it can be hacked, it will be hacked."

Despite the risk, it doesn't sound like there's a need to go to DefCon 1 and prepare for nationwide blackouts or full-scale cyberwar. But this should certainly serve as a wake-up call.

For one thing, the article correctly notes that neither Russia nor China has any real motive to disrupt our infrastructure, and that China in particular has a vested interest in not further harming our economy. Since much of today's malware traces back to criminal groups in both countries, it's entirely possible that the discovered malware infections weren't the result of anyone specifically targeting infrastructure systems, but were instead caused by the usual method of someone on a system opening the wrong e-mail attachment, or perhaps a worm infection that automatically infected a vulnerable computer.

But regardless of how the systems became infected, they are now proven to be vulnerable. And that's a bad thing when we're talking about systems that control our supply of electricity, water or other essentials.
