In April 2013, an intrusion at the PG&E power substation in Silicon Valley knocked out local 911 services and cell phone service in the area. A team of gunmen who opened fire at the plant late at night and damaged 17 transformers was to blame.
But an intelligence community program manager warns that a hack attack could possibly have had the same effect.
Now, a counterterrorism surveillance program that logs reports of suspicious behavior from spots across the country is also documenting reports of suspicious activity across the Internet.
The Director of National Intelligence in 2008 stood up the “suspicious activity reporting,” or SAR, program as a post-Sept. 11 national security initiative. Authorities were trained to monitor for certain behaviors at airports, train stations and large events that might indicate a security threat. Local authorities currently send reports of sketchy behavior to Homeland Security Department-funded, regional fusion centers, where analysts make sense of the narratives.
Today, as physical systems become connected to the Internet of Things, and federal watchdogs warn of plane-hacking, authorities also are filing suspicious online activity reports.
“Just south of San Jose, a high power transformer was shot at by somebody with a rifle, and it caused a power failure,” said Kshemendra Paul, program manager of the DNI Information Sharing Environment, in an interview with Nextgov. “That same equipment can potentially be SCADA-controlled over the Internet, or vulnerable to cyber outages, so they need to have an integrated view” of threats, he said, referring to supervisory control and data acquisition…