Was the Chinese-Russian Power Grid Hack a Hoax?

Was the Chinese-Russian Power Grid Hack a Hoax?

Last week, the big news was that Chinese, Russian, and other hackers had invaded the U.S. power grid, and planted malware that could shut it down. But some commentators are saying that in fact, it may not have happened, and that it's all a bit of political theater performed as part of a cybersecurity power play by political insiders.
digg_url = ‘http://www.greenercomputing.com/blog/2009/04/13/was-chinese-russian-powe...’;

As I've written in the past, the Smart Grid currently being built holds out great promise and some peril for those interested in Green IT. In my blog Beware: Smart Grid May Be Hacker's Paradise, I warned that hackers could invade the Smart Grid, and from there make their way into enterprise networks.

Last week, a report in the Wall Street Journal bore that out, when it reported that the existing electrical grid had already been hacked. The Journal wrote:
Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."
Scary stuff. But is it true?

At least one security expert thinks it's not. Kevin Poulsen, a former "black hat" hacker and now a writer for Wired, thinks that the report may have been planted by the National Security Agency (NSA). He notes that the Journal report:
contains almost no details at all. The attacks are "pervasive," and yet not a single utility company is named as a victim. Even better, the blackout-triggering malware hasn't been spotted by the companies -- which explains perfectly why this is the first we've heard of it. Only America's intelligence community has seen the code. They could show us, but then they'd have to kill us.
Poulsen points to the behind-the-scenes turf battle between the Department of Homeland Security (DHS) and the NSA over who will be in charge of cybersecurity. At the moment, DHS is in control. If the NSA can show that the DHS can't do the job, then the NSA will be handed over the responsibility.

There's no way to know the truth, of course. And whether the report is true or not, there's no doubt that the Smart Grid, unless built with security in mind, can become a hacker's paradise. So if you're involved in Green IT, and plan to be using the Smart Grid, you need to be aware of potential vulnerabilities. No matter who's in charge of cybersecurity in Washington, D.C., your own best defense begins right in your enteprise.