NEW YORK—Hackers believed to be backed by the Chinese communist regime have continuously broken into computers critical to the functioning of the United States' electric grid network and installed control programs that would allow them to catastrophically disrupt service, government officials confirmed Wednesday.
The news about the compromise of mission-critical computers, which is believed to have been happening for at least a few years now, was first broken by the Wall Street Journal on April 7 and then was confirmed through interviews published by several other news media.
Homeland Security Secretary Janet Napolitano confirmed the compromises in a press conference on Wednesday. "The vulnerability is something that the Department of Homeland Security and the energy sector have known about for years," she said at the conference.
Espionage Backed by Chinese Regime
Most of the compromises were made by spies from China and Russia, the Wall Street Journal reported.
"The Chinese have attempted to map our infrastructure, such as the electrical grid," the paper quoted a senior intelligence official as saying.
The level of sophistication in the attacks and the depth of the compromises is reported to be so pervasive that in an interview with the Associated Press, one official said that it was "almost without a doubt" sponsored by the governments and regimes of the countries from where the attacks originated.
"The severity of what we're seeing is off the charts … most of the critical infrastructure in the U.S. has been penetrated to the root by state actors," the Associated Press quoted Tom Kellermann, who is a member of the Commission on Cyber Security advising U.S. President Barack Obama on cyber-security issues.
All major electricity companies were targeted in the attack, with several of their key systems compromised. The attacks "appeared pervasive across the U.S. and doesn't target a particular company or region," a former Department of Homeland Security official said to the Wall Street Journal.
Vulnerability of U.S. Infrastructure
Intelligence officials are also worried about the vulnerability of several other key components of the United States infrastructure, such as nuclear power plants, financial networks, and water and sewage systems.
CIA analyst Tom Donahue is believed to have impressed the importance of computer security on engineers at utility companies last year. His talk included information about how power grids in regions outside the U.S. had been compromised and held to ransom, with the attackers demanding payment and in one case, turning off the lights of an entire city.
The Edison Electric Institute, an association of public electric companies in the United States, released a statement on Wednesday saying that it was cooperating with government and intelligence officials. "The issue of cyber security has been on our industry’s radar for some time. We are taking aggressive action to ensure that we anticipate, detect and address any present or future potential cyber threats to the system. In this effort we are working closely with the Department of Homeland Security … and other federal agencies," the statement said.
However, government officials are reported to be flustered at the lack of security initiative taken by power companies, most of which are private. After Idaho National Laboratory released a demonstration video in March 2007 of the damage hackers could do if they seized control of key parts of the electric grid, the government launched an audit investigation of security practices in utility companies, which led to the cyber-espionage findings.
Officials of the Obama administration have been conducting a study of vulnerabilities and security issues that could compromise United States security interests. The report, which will be delivered to the President's desk in a few weeks, is expected to call for increased federal involvement in cyber security of key infrastructure.