In December of 2010, long before news broke regarding the Chinese attacks on US critical infrastructure, I got a call from a utility customer that quite simply said, “We’ve been hacked and I don’t know how bad. Can you help?”
I was on a plane the next day, and over the next seven weeks we tracked a hacker on their internal network. When we finally caught our hacker, the first thing that caught us by surprise was that he was on site. We always suspected a team of foreigners, hired to provide support for a Smart Grid development contract, and in fact we had already confiscated one of their laptops. Still, we couldn’t prove any of them were part of the attack.