Technology.am (Apr. 11, 2009) — Smarter is not always better — at least when it comes to utilities. The nation’s electricity grid has been compromised by foreign hackers. Many warnings have been sounded over the years.

The infrastructure in the U.S. is vulnerable to cyberattack, and the situation has worsened as utilities move their control systems closer to the Internet and install smart-grid technology, according to security experts.

The Supervisory Control and Data Acquisition (SCADA) control systems used by the energy industry were once segregated from public networks, but they have become increasingly dependent on Internet protocol-based systems, the experts said. At the same time, their security precautions are inefficient, they said.

“Plant control networks and their programmable logic controllers should be disconnected from the Internet,” said Peter “Mudge” Zatko, technical director of the national intelligence research unit at BBN Technologies. “These are the things lifting and lowering the plutonium rods into the water to make steam…It’s on the Internet. This is terrifying.”

In 1999, Zatko compiled a list of about 30 utilities whose plant control networks could be accessed remotely, and he says many of them still have the same problems today.

In 2004, Gartner did a report concluding that the use of IP networks for critical infrastructure could serve as bait for cyberattackers.

Security company Industrial Defender has done more than 100 threat assessments over the past seven years, primarily in utility infrastructure, and identified 34,000 vulnerabilities, said company CEO Brian Ahern.

IP networks aren’t the only problem. The use of smart-grid technology, which consists of networked meters designed for adjusting electricity flows and monitoring everything from power plants to individual appliances in homes, is also putting critical systems at risk, experts said.

The energy sector was the industry most vulnerable to cyberattack. More than 2 million smart meters are in use in the U.S. today, and an estimated 73 utilities have ordered 17 million additional smart meters, according to IOActive.

The story is likely linked to turf battles within the federal government over which agency will oversee cybersecurity policies and get the funding for them, several of the security experts suggested. For instance, the Department of Homeland Security has been criticized for not doing enough on cybersecurity, while the director of Homeland Security’s National Cybersecurity Center resigned recently, accusing the NSA of trying to wrest control.