Power hacking

Reps. Ed Markey, D-Mass., and Henry Waxman, D-Calif., made an uncomfortable discovery after sending a questionnaire about infrastructure security to over 150 U.S. electricity providers: Some power utilities report “daily,” “constant,” or “frequent” attempted cyberattacks on their computers and control systems. Others may experience such attacks but be unwilling to admit it. A third of utilities only answered some questions on the congressional survey, and another third didn’t respond to it at all.

With more utilities implementing automated “smartgrid” systems that are connected to the internet, hackers—many from Middle Eastern and Asian nations—are seeking to infiltrate their networks, possibly in hopes of damaging computers and equipment and ultimately shutting off the power supply. That could be a major problem if it occurred in conjunction with an attack on U.S. soil.

One Midwestern utility told the congressmen, “We see probes on our network to look for vulnerabilities in our systems and applications on a daily basis. Much of this activity is automated and dynamic in nature—able to adapt to what is discovered during its probing process.” Another utility said it withstood about 10,000 cyberattacks each month. No survey respondents reported any equipment damage.

Another vulnerability: A present-day geomagnetic storm (from a solar flare) as large as a known storm that occurred in 1921 could destroy hundreds of transformers. But most utilities responding to the questionnaire said they hadn’t taken any steps to prevent such a disruption, and most don’t own spare transformers.

If power companies can voluntarily improve their security, they may want to make it a priority before Congress does. Markey and Waxman are calling for a federal agency to mandate new utility security measures.

Unapproved hospitality

Airbnb.com is an innovative web service allowing homeowners or tenants to rent out private bedrooms to travelers for a night or two (or three, or four ...) . But in May the service met with a major legal setback in New York City when a judge fined a resident $2,400 for renting out part of his condo, ruling he had run afoul of state law. Airbnb had argued that a law preventing private daily room rentals was meant to stop illegal hotels, not private residents. Canadian officials have also cracked down on Airbnb rentals, citing similar code violations. —D.J.D.

Watertight leaks

With the revelation that the U.S. Justice Department secretly obtained two months’ worth of phone records for Associated Press reporters, it’s clear that anonymous phone tips aren’t completely off the record where government investigators are concerned. The situation is even stickier for email, which is only protected from search without a warrant for 180 days. Now news organizations are testing online drop boxes where leakers can securely and anonymously upload documents and messages.

Just two days after the AP phone records news broke, The New Yorker launched Strongbox, a high-security depository that not only receives anonymous tips and leaked documents, but functions as a two-way communications system: Leakers can send messages without revealing their identity, and reporters can reply but won’t know who they’re talking to, or have any way to trace them. Other news organizations with drop boxes include The Wall Street Journal and Al-Jazeera, though some have criticized them in the past for offering poor security. —D.J.D.