Iranians work on computer [illustrative] 370.
(photo credit: REUTERS/Caren Firouz)
Iran is responsible for a wave of computer attacks on US corporations, with targets including oil, gas and electricity companies, The New York Times reported Friday, citing American officials and corporate security experts.
The officials stated that the goal of the Iranian attacks is sabotage rather than espionage. The cyber attacks are seen as attempts to gain control of critical processing systems.
US investigators have been probing the attacks for several months. While the officials said that the attacks could not be linked to the Iranian government, the Islamic Republic's control of internet activities in the country is such that it is unlikely that the attacks could be carried out without the regime's knowledge.
Several power utilities say they face a barrage of cyber attacks on their critical systems, a report by two Democratic lawmakers found, echoing warnings from the Obama administration that foreign hackers were trying to bring down the US power grid.
California Representative Henry Waxman released the report, co-authored with Massachusetts Representative Ed Markey, at the House Energy and Commerce Committee's cybersecurity hearing on Tuesday.
The pair asked some 160 utilities to describe their experiences fighting cyber attacks over the past five years. In response, more than a dozen said they experienced daily, constant or frequent attempted cyber attacks, according to a 35-page report summarizing their responses.
But utilities termed the report as overblown, saying their systems were adequately protected through mandatory standards set by the North American Electric Reliability Corp (NERC) that ensure separation of control systems and consumer-facing or administrative networks.
"The majority of those attacks, while large in number, are the same attacks that every business receives" through web-connected networks, Arkansas Electric Cooperative Corporation Chief Executive Duane Highley told the hearing.
"Those are very routine kinds of attacks and we know very well how to protect against those...Our control systems are not vulnerable to attack," he told Reuters after the hearing, saying current NERC standards make it illegal to interconnect the public-facing networks and the control centers.
But many lawmakers echoed some senior White House officials in expressing fear that while they do not know of any successful attack on the power grid, hackers may have that ability.
Senior Obama administration officials began warning late last year that foreign enemies are looking to sabotage the US power grid, air traffic control systems, financial institutions and other infrastructure.
Last week, NERC Chief Executive Officer Gerry Cauley told the Reuters Cybersecurity Summit that there has never been a destructive cyber attack on the grid, mostly probes and spying malicious software and that he worried more about physical attacks on the power grid than cyber ones.
Tuesday's report cited an unidentified Northeastern power provider as saying it was under constant attack from cyber criminals as well as activist groups who have been targeting firms in the energy sector over the past few years.
A power provider from the Midwest said it experienced daily probes of its systems: "Much of this activity is automated and dynamic in nature, able to adapt to what is discovered during its probing process," the company said.Reuters contributed to this report.