Daily Cyber Attacks on U.S. Electric Utilities: Congressmen Also Warn of EMP and GMD Attacks on Power Grid, Police Communications


Officials are investigating a ‘barrage’ of cyber attacks on U.S. utilities by Iran-linked hackers.

According to a report written by the staff of Congressmen Edward J. Markey (D-MA) and Henry A. Waxman (D-CA) …

(1) the electric grid is the target of numerous and daily cyber-attacks

(2) most utility companies have not implemented voluntary NERC recommendations,

(3) most utility companies have not taken concrete steps to reduce the vulnerability of the grid to geomagnetic storms and

(4) it is unclear whether the number of available spare transformers is adequate.

DETAILS: The electric grid is the target of numerous and daily cyber-attacks.

More than a dozen utilities reported “daily,” “constant,” or “frequent” attempted
cyber-attacks ranging from phishing to malware infection to unfriendly probes.
One utility reported that it was the target of approximately 10,000 attempted
cyber-attacks each month.

More than one public power provider reported being under a “constant state of
‘attack’ from malware and entities seeking to gain accessto internal systems.”

A Northeastern power provider said that it was “under constant cyber attack from
cyber criminals including malware and the general threat from the Internet…”

A Midwestern power provider said that it was “subject to ongoing malicious
cyber and physical activity. For example, we see probes on our network to look
for vulnerabilities in our systems and applications on a daily basis. Much of this
activity is automated and dynamic in nature – able to adapt to what is discovered
during its probing process.”

According to the report, Cyber-attacks can create instant effects at very low cost, and are very difficult to positively attribute back to the attacker. It has been reported that actors based in China, Russia, and Iran have conducted cyber probes of U.S. grid systems, and that cyber-attacks have been conducted against critical infrastructure in other countries. There are numerous examples of such cyber-attacks, including the attack on Saudi Aramco, which destroyed the hard drives of more than 30,000 computers at the Saudi state-run oil company.According to recent reports, intrusions into ten major American energy companies were similarly attempts to disrupt or destroy administrative systems. The rate of such cyber-attacks against American corporate and government infrastructure is on the rise and unlikely to abate.

A special subset of physical vulnerabilities and threats is associated with electromagnetic pulse (EMP) and geomagnetic disturbance (GMD). EMPs can be generated intentionally by utilizing portable equipment to produce high-power radio frequency or microwave or other electromagnetic pulses that destroy or disable electronic equipment. Such weapons can vary in size from a hand-held device to a large vehicle-borne device, can be used at a distance from a target, and can penetrate walls or other obstacles—making detection and attribution of an attack to a specific source difficult. More than a dozen countries have conducted research on such weapons, and DOD has demonstrated that such weapons can be developed with modest financial resources and technical capability. Such weapons have been used to defeat security systems, commit robberies, disable police communications, induce fires, and disrupt banking computers.

The Cardinal has reported in two previous articles regarding the vulnerability of Northwest Central Dispatch 9-1-1 center to disruption or terrorism.

(1) In The Cardinal OP-ED: Crypto Cop vs. The Cardinal on Police Radio Encryption the article reported on a Technical Whitepaper that reports how “an attacker could choose to deploy multiple battery operated jamming devices in a metropolitan area, placing them in public locations to make tracing of the devices harder, or even surreptitiously attaching them to the vehicles of third parties such as taxis or delivery trucks to cause confusion, and to make the jammers harder to locate. Such devices may be made arbitrarily programmable, changing which of a group of devices is active at any one time or even taking commands over the air.”

“Properly synchronized, a P25 (digital public safety radio) jamming system can operate at a very low duty cycle that not only saves energy at the jammer and makes its equipment smaller and less expensive, but also makes the existence of the attack difficult to diagnose and detect, and, if detected, requires the use of specialized equipment to locate it. (Note that the length of the jamming transmission is only about 10ms long … Such a jamming system need only be relatively inexpensive, requires only a modest power supply, and is trivial to deploy in a portable configuration that carries little risk to the attacker … We note that there is no analogous low-duty cycle jamming attack possible against the narrowband FM voice systems that P25 replaces.”

(2) In The Cardinal New Arlington Heights Police Headquarters Should Combine with 9-1-1 Center Facility Away from Railroad the article demonstrated the 9-1-1 center — Northwest Central Dispatch Center’s vulnerability in being located on a desolate roadway with inadequate security surrounding the facility. A semi-trailer truck parked was discovered parked less than 40 feet from Northwest Central Dispatch Systems 9-1-1 center on Saturday May 11, 2013 about 6:30 a.m.

Some public safety radio systems in the United States and in the United Kingdom have backup analog radio systems on older UHF or VHF radio frequency systems. If terrorists turned on jammers in an attempt to disrupt the older UHF and VHF system. the jammers would have to use a much stronger signal for a more prolonged period, which would be easier to detect and consequentially disable by authorities. The difficulty of succeeding with jammers for older frequencies would probably prohibit terrorists from even trying to disable UHF and VHF systems. Nevertheless, the older equipment or newer digital equipment, including computers in the 9-1-1 center, should have a greater security buffer surrounding the facility — using the distance and range to defeat the effectiveness of the jammer, electromagnetic pulse (EMP), geomagnetic disturbance (GMD).

Police responded about 8:08 a.m. Friday May 23, 2013 to a report of a man exposing himself and masturbating near the air conditioning unit of the radio tower house at the bottom of the main radio tower for Northwest Central Dispatch System 9-1-1 center, 1975 East Davis Street.

View Larger Map
A relatively higher security fence surrounds the 9-1-1 center and parking lot, but does not protect the radio tower and electronics housing at the base of the tower. While the Google map image on May 26, 2013 shows two towers, there is currently only one tower.

Semi-trailer truck parked less than 40 feet from Northwest Central Dispatch Systems 9-1-1 center on Saturday May 11, 2013 about 6:30 a.m. — a currently permissible incident that is a security risk for the 9-1-1 center for the northwest suburbs.

Get updates from The Cardinal CRIME BLOG ‘Plus’ on Facebook. Just ‘LIKE’ the ‘Arlington Cardinal Crime & Forensics’ Page (become a fan of our page). The updates cover all posts in the 24/7 Crime Alerts! and sub-categories. See all of The Cardinal Facebook fan pages at Arlingtoncardinal.com/about/facebook …

Arlingtoncardinal.com is an Amazon Associate website, which means that a small percentage of your purchases gets paid to Arlingtoncardinal.com at no extra cost to you. When you use the search boxes above, any Amazon banner ad, or any product associated with an Amazon banner on this website, you help pay expenses related to maintaining Arlingtoncardinal.com and creating new services and ideas for a resourceful website. See more info at Arlingtoncardinal.com/AdDisclosure