Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.
One prominent expert told National Journal he believes that ChinaÃ¢â‚¬â„¢s PeopleÃ¢â‚¬â„¢s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. Ã¢â‚¬Å“They said that, with confidence, it had been traced back to the PLA.Ã¢â‚¬Â These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.
Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention.
There has never been an official U.S. government assertion of Chinese involvement in the outage
Bennett, whose former trade association includes some of the nationÃ¢â‚¬â„¢s largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker.
A second information-security expert independently corroborated BennettÃ¢â‚¬â„¢s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & LightÃ¢â‚¬â„¢s computer infrastructure apparently made a mistake.
Brenner, the senior U.S. counterintelligence official, said, Ã¢â‚¬Å“Another country knows that if it starts taking out our satellites, that would be an act of war.Ã¢â‚¬Â But Ã¢â‚¬Å“if they were to take out certain parts of our infrastructure, electronically, that could be regarded as an act of war,Ã¢â‚¬Â he said. Ã¢â‚¬Å“ItÃ¢â‚¬â„¢s not my job to say that.Ã¢â‚¬Â
NATO officials are reluctantly struggling with that question, too. At a ministerial meeting last June, Defense Secretary Gates asked the allied members to consider defining cyberattacks in the context of traditional warfare. Cyberwar is still abstract, and there are no international conventions that govern military conduct on a digital battlefield.
Imagine if the havoc caused by Internet viruses and wormSÃ¢â‚¬â€downed web sites, snatched credit card data, and so forthÃ¢â‚¬â€were unleashed on the power grid’s critical infrastructure. The results could include targeted blackouts, tampering with power generation (including nuclear plants), or the use of energy consumption data for malicious intent. For while a smart power grid, which leverages information technology to add more intelligence to the electricity network, will give consumers and utilities more control over energy consumption, the transformation from analog to digital will bring to the grid a threat that plagues the Internet: hacking.