A report issued by U.S. Congressmen Ed Markey and Henry Waxman says that the number of cyberattacks focused on core infrastructure continues to rise, with one utility facing roughly 10,000 assaults every month.
Within the "35-page "Electric grid vulnerability" report (.pdf), out of 160 surveyed U.S. utilities, over a dozen indicated they face "daily," "constant," or "frequent" cyberattacks against their systems. These attacks comprise of "phishing to malware infection to unfriendly probes."
One power provider said it was under "constant cyber attack from cybercriminals including malware and the general threat from the Internet," and another commented that the company was "subject to ongoing malicious cyber and physical activity." Network probes that look for vulnerabilities in systems and applications are a daily problem, and much of this activity is automated and dynamic in nature.
The report says:
"Grid operations and control systems are increasingly automated, incorporate two-way communications, and are connected to the Internet or other computer networks. While these improvements have allowed for critical modernization of the grid, this increased interconnectivity has made the grid more vulnerable to remote cyber attacks."
According to the research, grid vulnerabilities have major economic ramifications -- as well as the possibility of blacking out cities dependent on power grids. It is estimated that power outages and disturbances cost the U.S. economy between $119 to $188 billion per year, and a single event -- such as a successful cyberattack -- can cost upwards of $10 billion.
In March, U.S. intelligence officials said that cybercrime is, and the constant evolving nature of cybercrime makes it difficult to keep up and make sure critical services and infrastructure are adequately protected.
The Department of Homeland Security has confirmed that in 2012, the number of cyberattacks centered around Federal agencies, critical infrastructure and industrial bodies have risen in frequency by 68 percent in comparison to 2011.
While the report's tone rings alarm bells, none of the surveyed utilities reported a successful breach of their systems, and most attacks did not even constitute the need for a report. According to Reuters, a number of utilities believe the report is "overblown," and that systems are adequately protected through the mandatory standards set by the North American Electric Reliability Corp (NERC).
Arkansas Electric Cooperative Corporation Chief Executive Duane Highley told the publication:
"The majority of those attacks, while large in number, are the same attacks that every business receives. Those are very routine kinds of attacks and we know very well how to protect against those. Our control systems are not vulnerable to attack."