A US power grid attack is more than the stuff of Hollywood scripts
Electrical power runs just about every aspect of life for most people, and most are not prepared when the power source is interrupted or goes away. That’s what happens to us when we go through a power grid attack. Even if we were prepared a week ahead of time, we would still be in the same vulnerable position if the power were to go away abruptly.
Last year Lloyd’s published a report titled “Business Blackout” where they shared their analysis and findings of an imminent U.S. power grid attack. In their attack scenario, attackers were able to inflict physical damage on 50 of the 700 generators on the electrical grid on the east coast where there is a substantial population of people in major cities that includes New York City, Washington D.C. and Boston. In this situation, 93 million people were to be affected by a blackout.
There would most certainly be mass chaos among the population, and the total impact to the USA in the Lloyd’s report is estimated at $243 billion dollars and rising to over $1 trillion in extreme cases. In an already fragile and recovering economy, a power grid attack like this could cripple the country and most certainly disrupt any momentum the economy had been able to gain.
Based on existing intelligence, it is reasonable to assume that nation-states already possess all the information they need to launch a power grid attack on the U.S. power grid – they choose not to because of political implications. The USA probably possesses the same capabilities. It isn’t just nation-states that we need to be concerned with, as radical terrorist groups are highly motivated to bring harm to the American people and economy.
The U.S. power system is outdated, and it was never designed with network security in mind. Experts have described the U.S. power grid as decrepit and seriously out of date. By connecting U.S. electric plants to the Internet, a new and bountiful supply of attack points and back doors have been opened up to attackers.
Further complicating the security challenges in the new digital frontier is hundreds of vendors that sell software and equipment to the energy companies. This software and hardware has weaknesses that can be exploited. The companies themselves serve as a portal into the electric grid because they are connected their customers.
Within the energy sector, here are just a few examples of reported power grid attacks or attempted attacks:
- In 2012 and 2013 Russian hackers were able to successfully send and receive encrypted commands to the U.S. power generators.
- The Department of Homeland Security (DHS) announced last year that unauthorized cyber hackers were able to inject malicious software into the grid operations that allowed spying on U.S. energy companies.
- In October of last year, US law enforcement officials reported a series of cyber-attacks that were attempted by ISIS targeting the U.S. power grid.
- In December 2015, the Associated Press reported that “security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into a larger nightmare: cyber attackers had opened a pathway into the networks running the United States power grid.”
More Here [securityweek]