In April 2013, an intrusion at the PG&E power substation in Silicon Valley knocked out local 911 services and cell phone service in the area. A team of gunmen who opened fire at the plant late at night and damaged 17 transformers was to blame.
But an intelligence community program manager warns a hack attack possibly could have had the same effect.
Now, a counterterrorism surveillance program that logs reports of suspicious behavior from spots across the country is also documenting reports of suspicious activity across the Internet.
The director of national intelligence in 2008 stood up the "suspicious activity reporting," or SAR, program as a post-Sept. 11 national security initiative. Authorities were trained to monitor for certain behaviors at airports, train stations and large events that might indicate a security threat. Local authorities currently send reports of sketchy behavior to Department of Homeland Security-funded, regional fusion centers, where analysts make sense of the narratives.
Today, as physical systems become connected to the Internet of Things, and federal watchdogs warn of plane hacking, authorities also are filing suspicious online activity reports.