A series of recent cyber attacks used basic tools to break into power company networks and threaten their automated systems, according to a memo sent by the Department of Homeland Security.
In the memo, sent to electric and nuclear sector CEOs and obtained by the Houston Chronicle, the department, for the second time, urged energy companies to beef up security after recent physical and online attacks threatened serious damage to infrastructure and equipment.
A source said he received the undated memo from the department on Monday. The memo expanded on a rush of online attacks that had prompted an initial department alert on May 9. The additional alert pressed for added action from energy companies.
“In at least one case, the attackers successfully obtained all the information needed to access the industrial control systems environment,” the memo said of the online attacks.
Industrial control systems manage an array of automated operations handled by energy companies, but hackers could force them to malfunction and cause major problems. An attack targeting industrial control systems in Iran was able to destroy centrifuges at a nuclear facility there in 2010.
The recent U.S. attacks hit several companies and involved simple approaches used by hackers, the memo said.
Simple hacking methods can include brute force attacks, where hackers attempt to break into systems using a variety of password combinations. They can also include common malicious software that is not threatening to an updated computer, but can cause problems on a system with old software that is not protected against such malware.
“While the identified tools and techniques are common and easy to obtain in the public domain, it is notable that attackers successfully deployed them against several U.S. energy and critical manufacturing sector targets over a period of weeks,” the memo said.
The department did not respond to requests for comment.
The department’s second alert urging action on Internet security likely came about because companies are not acting fast enough to protect themselves, leaving them exposed to even novice hackers using and spreading the simplest forms of online threats, said Chris Goetz, partner of Kingston Systems, an oil industry computer systems company based in The Woodlands.
“We are pretty much virgin territory for anybody with a little bit of experience,” said Goetz, who had not seen the memo. “A lot of these facilities are really exposed.”
A report published in May by U.S. Reps. Ed Markey (D-Mass.) and Henry A. Waxman (D-Calif.) showed that power companies were targeted at an alarming rate, including one utility that said it experienced 10,000 attempted attacks each month.
Online threats have substantially impacted energy companies, in one case infiltrating 30,000 computers for Saudi Aramco and in another knocking an offshore oil rig offline for weeks, the Houston Chronicle has reported.
The department said it was able to analyze hard drives and other computer equipment affected by recent attacks and discovered “numerous indicators that the industrial control systems community can use to identify signs of compromise within their networks,” the memo said.
The Homeland Security Department “recommends that immediate action be taken to determine the extent of any compromise, and to determine the extent of any compromise,” the memo said.
The memo also pushed for added physical security measures after an attacker targeted an electricity substation in Silicon Valley, cutting communication lines and attempting to disrupt equipment, according to the memo.
The attacker cut fiber optic lines and used a high-powered rifle in an attempt to disable substation equipment, the memo said.
“The attack indicates a sophisticated knowledge of electricity infrastructure and cascading impacts that requires increased vigilance nationwide,” the memo said.