SAN JOSE — California utility officials are warning that hackers increasingly target utilities with cyberattacks that could leave millions of people without electricity, water and other vital services.
The California Public Utilities Commission is considering rules to bolster cyber-security protections to prevent potentially devastating attacks, according to the San Jose Mercury News.
In a recent report, the agency warned that utilities were becoming vulnerable to cyberattacks as their networks add smart meters and other computerized gear. Many providers are reluctant to report they’ve been hacked because they worry disclosure could expose them to liability.
Experts say a cyberattack against an electric utility could lead to massive power outages that shut down water and transportation, threaten the sick and elderly and cause billions of dollars in damage.
“We will see catastrophic outages,” James Sample, Pacific Gas & Electric Co.’s Chief Information Security Officer, warned state regulators at a recent forum. “We are dealing with a very intelligent adversary.”
Although PG&E doesn’t believe hackers have caused major problems at the San Francisco-based utility, Sample said, “We’re seeing increased phishing-type attempts,” typically fake emails aimed at stealing information.
Late last year, the U.S. Department of Homeland Security reported that hackers were infiltrating “oil and natural gas pipelines and electric power organizations at an alarming rate.” The agency said it knew of 198 such “cyber-incidents” just last year.
Security specialists say many utility companies have done little to guard their operations against hackers despite years of prodding.
“They just want to kind of pretend the problem doesn’t exist,” said Dale Peterson, CEO of Digital Bond, which assesses security at utilities and other firms. “So it might take some really tragic thing with some huge disruption of peoples’ lives before something gets done.”