A Threat No One Is Talking About - Attack On the Power Grid

Uploaded on 2015-11-10 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Production-Utilities

If an US adversary has as its goal inflicting maximum damage and pain on the largest number of Americans, there may not be a more productive target than one of the electric power grids.

The US power grid is highly vulnerable to an attack by an EMP weapon or a solar event. Such an attack on the power grid could throw the US back into the dark ages. It would take years to build the system back up. Some experts believe that a year without power would kill as many as 9 out of 10 Americans.

Electricity is what keeps society tethered to modern times. There are three power grids that generate and distribute electricity throughout the United States, and taking down all or any part of a grid would scatter millions of Americans in a desperate search for light, while those unable to travel would tumble back into something approximating the mid-nineteenth century.

The very structure that keeps electricity flowing throughout the United States depends absolutely on computerized systems designed to maintain perfect balance be­tween supply and demand. Maintaining that balance is not an accounting measure, it is an operational imperative. The point needs to be restated: for the grid to remain fully operational, the supply and demand of electricity have to be kept in perfect balance.
 
It is the Internet that provides the instant access to the computerized systems that maintain that equilibrium. If a sophisticated hacker gained access to one of those systems and succeeded in throwing that precarious balance out of kilter, the consequences would be devastating. We can take limited comfort in the knowledge that such an attack would require painstaking preparation and a highly sophisticated understanding of how the system works and where its vulnerabilities lie. Less reassuring is the knowledge that several nations already have that expertise, and—even more unsettling—that criminal and terrorist organizations are in the process of acquiring it.

It would be comforting to report that those agencies charged with responding to disaster are adequately prepared to deal with the consequences of a cyberattack on the grid. They are not.

For all the warnings from high-ranking members of the military and intelligence establishments, and despite the known vulnerabilities of the transformers critical to the viability of the grid, there remains a determination among many government officials to stress the grid’s resilience. They invariably cite as evidence the manner in which electric power has been restored in the wake of one natural disaster after another. Absent a crippling example to the contrary, the presumed consequences of a cyberattack on a power grid are bundled into the same general category as blizzards, floods, hurricanes, and earthquakes.

This approach falters, however, when relevant federal agencies fail to provide for (or in some cases even contemplate) the difference in magnitude between the effects on the grid of any recorded natural disaster and the potential effects of a massive cyberattack. For one thing, the affected area could be much greater. Even the partial blackout of a grid could leave half a dozen or more states without electricity. Also, unless one credits the Old Testament–style intervention of an angry deity, storms do not deliberately target a system’s critical weaknesses. Cyberattacks do, and if we assume that the attackers are predisposed to inflict maximum damage, they will try to conceal what they are doing.
 
That’s not the sort of message that would inspire widespread confidence in a concerned public, but it has the ring of authenticity to it.

This piece has been adapted from Ted Koppel's new book, "Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath," 
Sentinel: http://bit.ly/1L6F666
Ted Koppel: http://bit.ly/1KLipnK

 

« Waging Cyberwar In Peacetime
British Police Want Access to UK's Entire Web Browsing History »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

PRESENSE Technologies

PRESENSE Technologies

PRESENSE Technologies specializes in monitoring and enforcing IT security policies at critical points in the network and on end systems.

CyberGhost

CyberGhost

CyberGhost is a Virtual Private Network services provider offering secure encrypted access to the internet.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

Trusona

Trusona

Trusona is a pioneer and leader in passwordless two-factor authentication (2FA).

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.