The vulnerability has been there for a cyberwar between Iran and the U.S. – it’s heating up and there’s new evidence that Iran has hacked into our power grid. We’re so behind protecting and updating our critical data that it’s leaving us vulnerable to attacks.
Security researcher Brian Wallace has unearthed evidence that the Shia Islamic state of Iran has stolen critical data about American power stations and inserted malware into energy companies’ software that could allow it to destroy the American power grid during a time of conflict.
Mr. Wallace was researching a theft of University of California housing data when he discovered the Iranian hack which included detailed drawings of energy plants labeled “mission critical.” The data would allow a foreign nation to shut down power to millions of homes and businesses.
AP writes that about a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter.
“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” said Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer. “It will also help them stay quiet and stealthy inside.”
Despite a decade of warnings from experts on the vulnerability of the U.S. power grid, Deputy Secretary Alejandro Mayorkas acknowledged in an interview, however, “we are not where we need to be” on cybersecurity.
The company in question is Calpine Corp. which operates 82 power plants in 18 U.S. states and Canada. Attackers took usernames and passwords which could allow the to operate systems remotely, engineering drawings of critical facilities, and diagrams how companies transmit data to the cloud.
Read more: WT