A Threat No One Is Talking About - Attack On the Power Grid

Uploaded on 2015-11-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

If an US adversary has as its goal inflicting maximum damage and pain on the largest number of Americans, there may not be a more productive target than one of the electric power grids.

The US power grid is highly vulnerable to an attack by an EMP weapon or a solar event. Such an attack on the power grid could throw the US back into the dark ages. It would take years to build the system back up. Some experts believe that a year without power would kill as many as 9 out of 10 Americans.

Electricity is what keeps society tethered to modern times. There are three power grids that generate and distribute electricity throughout the United States, and taking down all or any part of a grid would scatter millions of Americans in a desperate search for light, while those unable to travel would tumble back into something approximating the mid-nineteenth century.

The very structure that keeps electricity flowing throughout the United States depends absolutely on computerized systems designed to maintain perfect balance be­tween supply and demand. Maintaining that balance is not an accounting measure, it is an operational imperative. The point needs to be restated: for the grid to remain fully operational, the supply and demand of electricity have to be kept in perfect balance.
 
It is the Internet that provides the instant access to the computerized systems that maintain that equilibrium. If a sophisticated hacker gained access to one of those systems and succeeded in throwing that precarious balance out of kilter, the consequences would be devastating. We can take limited comfort in the knowledge that such an attack would require painstaking preparation and a highly sophisticated understanding of how the system works and where its vulnerabilities lie. Less reassuring is the knowledge that several nations already have that expertise, and—even more unsettling—that criminal and terrorist organizations are in the process of acquiring it.

It would be comforting to report that those agencies charged with responding to disaster are adequately prepared to deal with the consequences of a cyberattack on the grid. They are not.

For all the warnings from high-ranking members of the military and intelligence establishments, and despite the known vulnerabilities of the transformers critical to the viability of the grid, there remains a determination among many government officials to stress the grid’s resilience. They invariably cite as evidence the manner in which electric power has been restored in the wake of one natural disaster after another. Absent a crippling example to the contrary, the presumed consequences of a cyberattack on a power grid are bundled into the same general category as blizzards, floods, hurricanes, and earthquakes.

This approach falters, however, when relevant federal agencies fail to provide for (or in some cases even contemplate) the difference in magnitude between the effects on the grid of any recorded natural disaster and the potential effects of a massive cyberattack. For one thing, the affected area could be much greater. Even the partial blackout of a grid could leave half a dozen or more states without electricity. Also, unless one credits the Old Testament–style intervention of an angry deity, storms do not deliberately target a system’s critical weaknesses. Cyberattacks do, and if we assume that the attackers are predisposed to inflict maximum damage, they will try to conceal what they are doing.
 
That’s not the sort of message that would inspire widespread confidence in a concerned public, but it has the ring of authenticity to it.

This piece has been adapted from Ted Koppel's new book, "Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath," 
Sentinel: http://bit.ly/1L6F666
Ted Koppel: http://bit.ly/1KLipnK

 

« Waging Cyberwar In Peacetime
British Police Want Access to UK's Entire Web Browsing History »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

Smarttech247

Smarttech247

Smarttech247 deliver a range of cyber security solutions, including cognitive security services using IBM Watson for Cybersecurity, SIEM, Compliance & Governance, and Penetration Testing.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

Cobalt Iron

Cobalt Iron

Cobalt Iron is a global leader in SaaS-based enterprise backup and data protection technology.

Inceptus

Inceptus

Inceptus is a next generation Managed Security Service Provider (MSSP). We are dedicated to keeping our customers safe, secure and protected while doing business on the Internet.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMi Level 3 certified Global Consulting and IT Security Services company.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

UK Cyber Cluster Collaboration (UKC3)

UK Cyber Cluster Collaboration (UKC3)

UKC3 has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

M7 Services

M7 Services

M7 Services are a comprehensive Managed Services Provider (MSP) with a focus on delivering cutting-edge information technology solutions and unparalleled customer service.