In a rare gesture of transparency, the Department of Homeland Security just announced that hackers recently targeted and compromised a public utility's control system. They didn't say exactly where, but it happened inside United States borders. And it doesn't sound like it was even that hard.
Specific details about the breach are scant. However, DHS did say that it thinks the hackers broke into the utility's control system by accessing an internet portal that employees use to sign on remotely. It didn't even require hacking really. The intruders just mounted a "brute force" attack, guessing every possible password combination until they found one that worked. It's a more advanced, probably computer-aided version of the technique when trying to log on to your neighbor's Wi-Fi. It's also more than unsettling that the DHS doesn't know for sure how the hackers did it.
While DHS says that the utility's operations weren't affected, this is all very scary. A hacker breaking into a city's infrastructure is exactly the kind of cyber attack President Obama warned Americans about a couple years ago, when he was beefing up our cyber security capabilities. But when a terrorist is only one password away from accessing a cyber control center, it's clear that we still have a long ways to go. It's also clear that these kinds of attacks can happen virtually, though hackers have mounted physical attacks on urban infrastructure.