Electric, chemical plants on alert for cyberattacks
WASHINGTON — The federal government on Thursday warned of a heightened risk of a cyberattack that could disrupt the control systems of companies providing critical services such as electricity and water.
Officials are highly concerned about “increasing hostility” against “U.S. critical infrastructure organizations,” according to the warning, which was released by the Department of Homeland Security on a computer network accessible only to authorized industry and government users. “Adversary intent extends beyond intellectual property theft to include the use of cyber to disrupt ... control processes.”
Senior officials have warned in recent months that foreign adversaries are probing computer systems that operate chemical, electric and water plants. But they are also increasingly concerned about the threat of a potentially destructive cyberattack.
Such attacks are rare. Last summer, more than 30,000 computers at the state-owned oil company Saudi Aramco were destroyed when a virus wiped data from the hard drives. The same virus damaged computer systems at Ras Gas, an energy company in Qatar.
Intelligence officials have said they think those attacks were linked to the Iranian government. Saudi Arabia and Qatar are allied with Western powers that have tightened economic and oil sanctions against Iran in an effort to slow Iran's nuclear program.
DHS officials did not provide details on the nature of the latest threat, but there has been renewed concern among government and industry officials about cyberactivity out of the Middle East, particularly Iran.
“There have been oil and gas companies that have seen increased activity out of Iran — not just U.S. but overseas companies,” said one industry official who was not authorized to speak for the record.
The unclassified alert issued was released by DHS's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT. The agency helps companies investigate intrusions and suggests ways to improve security. In doing so, it collects data about cyber-threats that it can use to alert the private sector.
The alert is issued as the Obama administration is ramping up efforts to share more information about threats and encourage greater computer network security. In February, President Obama issued an executive order directing federal agencies to provide more cyber-threat data to industry more quickly.