WASHINGTON – The U.S. government Thursday warned of a heightened risk of a cyber-attack that could disrupt the control systems of American companies providing critical services such as electricity and water.
Officials are highly concerned about “increasing hostility” against “U.S. critical infrastructure organizations,” according to the warning, which was released by the Department of Homeland Security on a computer network accessible only to authorized industry and government users. “Adversary intent extends beyond intellectual property theft to include the use of cyber(strikes) to disrupt . . . control processes.”
Senior U.S. officials have warned in recent months that foreign adversaries are probing computer systems that operate chemical, electric and water plants, and are increasingly concerned about a potentially destructive cyber-attack.
Such incidents are rare. Last summer, more than 30,000 computers at the state-owned oil company Saudi Aramco were destroyed when a virus wiped data from the hard drives. The same virus also damaged computer systems at Ras Gas, an energy company in Qatar. U.S. intelligence officials have said they think those attacks were linked to the Iranian government. Saudi Arabia and Qatar are allied with Western powers that have tightened economic and oil sanctions against Iran.
DHS officials did not provide details on the nature of the latest threat, but there has been renewed concern among government and industry officials about cyber-activity out of the Middle East — particularly Iran. “There have been oil and gas companies that have seen increased activity out of Iran, not just U.S. but overseas companies,” said one industry official.
The 13-page alert was released by the DHS Industrial Control Systems Cyber Emergency Response Team. The agency helps companies investigate intrusions and suggests ways to improve security. In doing so, it collects data about cyberthreats that it can use to alert the private sector.
The warning comes as the Obama administration is ramping up efforts to share more information about potential risks and encourage greater computer network security.