China's cyber-militia behind U.S. blackouts?

Chinese hackers may have been behind power blackouts in Florida and the Northeast, according to a report in the National Journal.

The report, penned by Shane Harris for the National Journal, lays out a lengthy case that China has deployed hackers working unofficially and officially for the government and military to probe U.S. infrastructure. That conclusion isn't terribly surprising, but Harris lays out a bunch of interesting points in this must-read that's likely to get some attention today (Techmeme). One eye-opener is that the Chinese government makes little distinction between hackers who work for the government and those who freelance for giggles. The end result is a loose-knit cyber army.

Among the key excerpts from the National Journal report:

One prominent expert told National Journal he believes that China's People's Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said.

My problem with this argument is that it's based on one source recounting what unnamed intelligence officials told him. Kevin Poulsen shoots down the argument at Wired's Threat Level blog while colleague Noah Shachtman touts it. As Poulsen notes, this China-behind-the-2003-blackout reasoning sounds like a conspiracy theory. The first reaction to the blackout in New York revolved around terrorism--after all, it was only two years after Sept. 11, 2001.

In any case, I was caught in that blackout. It wasn't fun almost getting trampled at the ferry trying to get to Hoboken. Send my regards to whoever was responsible. Here's the Energy Department's final report on the 2003 blackout.

Back to those excerpts:

Bennett, whose former trade association includes some of the nation's largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida's east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations... A second information-security expert independently corroborated Bennett's account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light's computer infrastructure apparently made a mistake.

And.

Joel Brenner, the U.S. counterintelligence chief, said he knows of "a large American company" whose strategic information was obtained by its Chinese counterparts in advance of a business negotiation. As Brenner recounted the story, "The delegation gets to China and realizes, 'These guys on the other side of the table know every bottom line on every significant negotiating point.' They had to have got this by hacking into [the company's] systems."

And.

During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used.

And the hits just keep coming. The takeaway is that the U.S. government is waking up to the threat--very slowly--and, for all we know, is planting these tidbits. In any case, the conclusion is the same. The U.S. needs to step it up on the cyber defense front.