Scary Stories At Budget Time (Updated)
By Steve Hynd
The WSJ's Siobhan Gorman has a tale today about deep penetration of America's power grid by foreign hackers that has several on the wingnut side of The Force hyperventilating.
However, Gorman's story hangs mainly on the anonymous say-so of "current and former national-security officials". The nearest she gets to named sources confirming this alleged penetration is Dennis Blair saying "we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts.", which doesn't actually pinpoint power companies at all. In fact, the best-known infrastructure cyber attack, in Australia, was aimed at sewage infrastructure.
She also has this:
Last year, a senior Central Intelligence Agency official, Tom Donahue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said.
But that's misleading in the extreme, as the original report highlighting what Donahue allegedly claimed makes clear:
Alan Paller, director of research at the SANS Institute, said that CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. The disclosure was made at a New Orleans security conference Friday attended by international government officials, engineers, and security managers from North American energy companies and utilities.
Paller said that Donahue presented him with a written statement that read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
Information about which foreign cities were affected by the outage and other information related to the attack was not mentioned and is unlikely to be forthcoming, said Paller.
A call to the CIA asking for further comment was not immediately returned.
Donahue wasn't actually there. Paller's company, SANS Institute, touts for business securing companies against cyberattacks. Even Paller admits he has no corroborating details. And the CIA refused even to confirm Donahue had written anything at all.
As Mark Silva at The Swamp notes, it's a tale that "begs the question: How safe are you feeling these days? Or, where will your tax dollars go?":
Now, in the Washington realm of the annual fight for a share of the $3.5 trillion federal budget - that "closing the Washington Monument" mentality that sets in during this season -- it's worth noting, as the Journal does, that this tale has emerged at a time when:
"Protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week," the Journal reports.
...Time to start marking up those Intel budgets.
Siobhan Gorman has been described as "deeply sourced on NSA issues" and has certainly been partisanly inclined to sympathy with the Bush era intelligence community when it came to torture and destruction of evidence. I've a feeling her sources are using her on this scary story at budget time.
Update: Wired.com (h/t Kat) -
The real authors of this tale are unnamed "U.S. intelligence officials ... since the NSA is at this very moment jockeying to take over cyber security from DHS, which lacks the wholesale warrantless-wiretapping capabilities needed to detect Chinese hackers. What a lucky coincidence of timing that this exciting, if uncheckable, story should emerge now.
For anyone to actually attack the physical infrastructure one needs knowledge of PLCs and SCADA. Like actual cyber attacks on commerce, most damage is done due to human error or poor security of IT networks. More profitable to hack a credit card company than to destroy a generator for blackmail.
http://www.digitalbond.com/index.php/2004/09/08/scada-hack-demo/
http://www.foxnews.com/story/0,2933,513121,00.html
http://www.scmagazineus.com/Power-surge-SCADA-industry-must-prep-for-attacks/article/120416/
http://www.datacenterknowledge.com/archives/2007/10/26/more-on-generators-and-scada-hacking/
Posted by: Rudi | April 08, 2009 at 11:40 AM