US Infrastructure Infested with Malware?


The Wall Street Journal reported this week that the IT systems that control elements of the US infrastructure - the electrical grid, water and sewage systems, for instance - have likely all been penetrated and possibly even compromised by hackers who have installed software of their own in order to be able to disrupt these systems at some future date. Rogue software has been found in the systems controlling parts of the US electrical grid, the story says.

US government officials speculate that the hackers who have penetrated US infrastructure systems are associated with foreign governments who may wish to interfere with the infrastructure during a time of international crisis. Both the Chinese and Russian governments strongly deny any involvement, according to the WSJ.

While the story itself is not new (see here, here and here), there were a couple of interesting snippets in the article.

For instance, it mentions that "under the Bush administration, Congress approved $17 billion in secret funds to protect government networks" with billions more likely to be spent under the Obama administration, and that the Pentagon admits spending at least "$100 million in the past six months repairing cyber damage." A lot of that was undoubtedly related to the USB problem I wrote about here late last year.

In response to the increasing threat, the US Senate is contemplating a law that would federalize cyber security, meaning that the US government would be able to set IT security standards that private companies would have to comply with. The law could also allow the government to shut down networks for national security reasons.

Of course, it would be nice if the federal government worked a bit harder to secure its own networks before seeking the power to regulate private network security.

As reported last week in the Washington Post, the US Interior Department has consistently failed to secure its computer network to even a minimum standard years after being ordered by a federal judge to do so.

The Interior Department's own inspector general said that "It is unfathomable anyone could give assurance the Department's network is secure," yet the department went ahead anyway and told the judge that it had indeed met his order.

In reading the Post story, all one can do is be glad that most private companies do a significantly better job of IT security than the Interior Department.

Popular Mechanics' April 2009 cover story is also on the vulnerability of US infrastructure systems to cyber attack, for those wanting more detailed information on the overall subject.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City