Electricity Grid in U.S. Penetrated By Spies (Wall Street Journal, 7 April 2009)
Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.
The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.
"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."
OK, this is straight-up scary stuff.
Occupational hazard: I have a dangerously small amount of actual knowledge about how one attempts to detect and prevent intrusions into networks and systems, but I'm around the buzzwords a lot, so I'm going to go out of my way not to use jargon in the hope that I won't accidentally mangle a term of art.
Here's what I've been able to gather about this: even though you *can* secure, e.g., a nuclear facility's core operations from the public Internet, there's MORE than enough stuff hooked up to the public Net that you'd really rather it not be there if you thought about it much.
At the same time, this story sort of reminds me of the feigned outrage over the Bombay terrorists having used Blackberries and so forth to access news sites on the Internet and communicate with each other.
OF COURSE they used Blackberries. They also breathed air, drank water and ate food, as Bruce Schneier pointed out, probably a lot more elegantly - they exploited what was available in their environment, and what was available included devices that for the equivalent of a few hundred bucks up front and fifty or so a month make you a walking, talking, e-mailing, web-surfing, highly mobile node on the Net.
Deal with it.
No, seriously. The good guys have the same tools and more money, and if we don't have better brains we're all in real trouble.
So, my thinking is -
We're in a highly interconnected world.
Bad guys are constantly finding ways to exploit this.
(Who's a "bad guy" depends largely but not entirely on where you sit. There are some objective standards of evil and there are regimes and groups that are way over those lines. They have access to the Intertubes too.)
*@&$^!, OF COURSE THEY'RE TRYING TO MAP OUR INFRASTRUCTURE.
Among other things.
Here would have been an interesting thing to read in the Wall Street Journal: How do we plan to prevent them from doing this, and more importantly what are we doing to learn about their weaknesses, which may not be, as is true in our case, their information and communications infrastructure?