US electric grids are full of security flaws

Electric grids in the United States are at massive risk from malicious attacks according to a report by Idaho National Lab, an Energy Department facility.

The computer networks that are in charge of controlling the electric grid are full of security holes which could be manipulated into redirecting the route of power and to steal data. But they’re strikingly basic and fixable problems, says The Wall Street Journal (subscription), including failure to update software with the latest patches and having terrible password management. Idaho National Lab suggests that the flaws will be cheap to fix.

With worries about national security and this report by TechEye yesterday that suggested amassing a cyber attack on the US would be both cheap and relatively inexpensive, it’s surprising that the fixes haven’t been put in place. 

Engineering firm Siemens AG said that it had recently taken note of an attack on critical infrastructure including the national grids, underground systems and air-traffic control, though it had issued a tool to fix the flaws late July.

Baltimore-based Independent Security Evaluators’ Charlie Miller said that with the right strategy, targeting smart grids and all other aspects of a nation’s technology infrastructure, it could cost as little as $100 million and take just two years to launch a full blown assault on the United States.