Hackers Hit Power Companies

Power and energy companies have become targets for computer hackers who have managed to penetrate energy control networks as well as administrative systems, according to a newspaper report.

Energy and power companies experienced an average of 1,280 significant attacks each in the last six months, according to security firm Riptech Inc. The Alexandria, Va.-based computer security company found that the number of attacks against power and energy companies was far more than companies in any other industry sector, the Los Angeles Times reported Monday.

"The event that I fear most is a physical attack in conjunction with the success of a cyber attack on an infrastructure such as electric power or 911," the emergency telephone system, said Ronald Dick, director of the FBI's cybercrime division.

The number of cyber attacks on energy companies increased 77 percent this year, said Tim Belcher, Riptech's chief technology officer. Since January, 14 of Riptech's 20 energy-industry clients have suffered severe cyber attacks that would have disrupted company networks if they had not been detected immediately.

"Unequivocally, these nets are vulnerable to cyber attack, and, unequivocally, one outcome could be disruption of power supplies" said Belcher, a former cyber-security consultant for the U.S. Defense Department.

The glare of adverse publicity from last year's power crisis in California and the Enron Corp. scandal may have drawn attention not just from hackers, but also from corporate saboteurs and terrorists, experts said.

A small number of attacks — 1,260 out of a total of more than 180,000 — originated in countries where terrorists groups are known to be concentrated, according to Riptech data. The most active attacks originated from Kuwait, Egypt and Pakistan — countries that have relatively developed computer networks and a growing pool of experienced hackers.

Riptech, which serves Fortune 500 corporations, smaller companies and government agencies, was founded by former top Defense Department officials to provide computer security.

The weak link among energy power systems are a group of remote control devices known as "Supervisory Control and Data Acquisition" systems, according to a recent report by the National Research Council, an arm of the National Academy of Sciences.

The systems, which are used to control the flow of oil and water through pipelines, and monitor power grids, were once impervious to hackers because they were completely isolated from other computer systems. Many systems are connected to the Internet today, and therefore vulnerable to hacking, experts said.

Security experts disagree on whether terrorists are capable of launching an effective cyber attack. Some claim digital warfare is many levels beyond mere penetration of a computer network, while others believe cyber attacks could provide an anonymous, safe alternative for terrorists especially since security for physical infrastructures — including airports, power plants and government buildings — has been tightened.