In the world of cybersecurity, a hacker taking down a city’s electrical grid is a classic nightmare scenario. Indeed, it’s already happened in Ukraine.
But while the idea of a hacker blackout seems scary, experts say the chances of a disruptive electric-grid attack are low in the U.S.
“Should people be concerned and should governments be taking action? Yes,” said Robert M. Lee, CEO and founder of cybersecurity firm Dragos. “Should we be building bunkers and freaking out? No.”
Lee investigated the 2016 attack on Ukraine’s power grid. Hackers created malware to attack an energy site, causing blackouts in Kiev for about an hour. The malware is called CrashOverride.
At the Black Hat conference in Las Vegas this week, Lee explained how CrashOverride could be used as a blueprint for cyberattacks on energy facilities around the world.
It might be concerning that this could be scaled to other facilities, but don’t panic just yet.
How it works
Before electricity gets to your house, it goes through a couple steps first. It is generated — from things like fossil fuels, nuclear power, or renewable sources — and then goes through a transmission site before it is pushed out to your home.
CrashOverride targets the transmission site.
Although CrashOverride could be used for attacking other transmission sites, it is not a likelihood it would be used in the U.S., said Lee, who previously worked in the intelligence community. It’s not easy to get the malware on the transmission site in the first place.
“It’s fairly easy to do if the adversary has the intention to do it, and can get into the environment,” he said. “That ‘get into the environment’ gap depends on where in the world you are, and how you’re relying on power. Here in the U.S., it’s difficult.”
U.S. energy networks are segmented. That means computers on the business side are not connected to the machines responsible for distributing power. So if someone launches an attack against business computers to try and steal credentials or places malware on a computer, it would not be able to jump to the machines controlling the grid.
A secure grid
Cyber intrusions at energy facilities are often means of gathering intelligence or data, and some types, like phishing attacks, aren’t unusual. For instance, the government recently warned U.S. energy facilities of a targeted campaign trying to steal credentials, like usernames and passwords, from energy firms’ corporate networks.
The Wolf Creek nuclear facility in Kansas was one of the victims of this recent attack. A spokeswoman for Wolf Creek told CNN Tech earlier this month that the attacks did not impact operations at all because the operation systems were separate from the networks that were targeted.
The electric grid is resilient. If the grid in your city was hit with a cyberattack, it would bounce back quickly, Lee said. The actual impact — or time of electricity going out — would be a few hours.
It’s not the outage that would be the most damaging aspect to a destructive grid attack, however.
“The biggest impact to us would be psychological in nature,” Lee said.