Security Vulnerabilities Could Cripple US Economy

A recent report released by the General Accountability Office (GAO) warns US officials about the seriousness of a cyber attack on North America's electrical grid. It appears that the organization that oversees North America's electrical grid is not doing enough to ensure that a future hack attack won't cripple the US economy.

The NERC (North American Electric Reliability Corp.) has had its ability to protect the state's electrical grid questioned by U.S. Representative James Langevin and other members of the House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. It appears that NERC officials have presented a "misleading" picture of the security capability of the U.S. electric system. In response to this, James Langevin voiced his doubts that the U.S electrical grid would withstand an attack that would make use of the so-called Aurora vulnerability.

It appears that Aurora allows hackers to shut down the generators or other equipment of the electric utilities, leaving the country in a real state of chaos. According to the GAO report, the TVA (Tennessee Valley Authority) had firewalls that were improperly configured or bypassed, which left hackers with a real source for a back door to the state's electrical grid. Other bad practices included TVA administrators neglecting to install key software patches. GAO had 92 recommendations to make, meant to increase the level of security at the TVA.

The security gaps found at the TVA come in a period when electricity providers try to lower their costs and boost efficiency by using supervisory control and data acquisition (SCADA) systems. These systems are designed to allow workers to remotely connect to the system through internet or telephone lines. The purpose of the equipment is to save money but, in doing so, it allows the system to be attacked by cyber wrongdoers.

It seems that the TVA was already working to fix the problems when the GAO investigation happened, according to William McCollum Jr., chief operating officer of the TVA. Some issues had already been fixed, but the TVA official could not give lawmakers a definite date when all the issues would be fixed.