The CIA has taken a very unusual step and issued a warning to American utility and energy companies about the danger of cyber attacks. The warning revealed that there have been successful cyber attacks on a number of foreign utilities.
In a rare public warning to the power and utility industry, a CIA analyst this week said cyber attackers have hacked into the computer systems of utility companies outside the United States and made demands, in at least one case causing a power outage that affected multiple cities.
"We do not know who executed these attacks or why, but all involved intrusions through the Internet," Tom Donahue, the CIA's top cybersecurity analyst, said Wednesday at a trade conference in New Orleans.
Donahue's comments were "designed to highlight to the audience the challenges posed by potential cyber intrusions," CIA spokesman George Little said. The audience was made up of 300 U.S. and international security officials from the government and from electric, water, oil and gas companies, including BP, Chevron and the Southern Co.
"We suspect, but cannot confirm, that some of the attackers had the benefit of inside knowledge," Donahue said. He did not specify where or when the attacks took place, their duration or the amount of money demanded. Little said the agency would not comment further.
The remarks come as cyber attackers have made increasingly sophisticated intrusions into corporate computer systems, costing companies worldwide more than $20 billion each year, according to some estimates.
The article does not identify the utility companies or even the countries where this occurred. But it sounds rather ominous, especially to someone who has worked in this area for many years. The Federal Energy Regulatory Commission has just issued a set of eight cybersecurity standards for the utility industry. I imagine that there will be a rush to start implementing them. Funny thing about this. I actually had my controls engineers isolate our plant's distributed control system from the internet a number of years ago. I didn't like the risks then. I like them less now.
