Summer is finally taking hold across the northern hemisphere. Here in the United States, the advent of summer often also means power outages. These outages can be caused by pop-up thunderstorms due to the increase in humidity or the drain on the electric grid, often related to the increased use of air conditioning during periods of extreme heat.
However, there could be another reason for an outage this summer, and it’s one that cybersecurity researchers have warned about for years. The power grid has been an infrastructure of concern for quite some time now, and many contend that it is borderline irresponsible that some of these concerns may not have been addressed. Personally, it is my hope that the vulnerabilities have been addressed.
That said, reports began coming out late yesterday about malware that specifically targets power grids and has proven itself to be effective. The United States Computer Emergency Readiness Team (US-CERT) issued an alert as well. The so-called “Crash Override” malware successfully took down the Ukraine power grid in 2016. The outage did not last long, but is considered by researchers to be a dry run to see the malware’s effectiveness. Similar to the Stuxnet malware that damaged centrifuges in the Iranian nuclear program, Crash Override is able to run on its own and does not need an active Internet connection to be effective.
The concern with this particular malware is that it was successful and that its design, as reported by security firms ESET and Dragos, Inc., appears to be engineered for adaptable and multiple use, meaning it is not a one-time attack tool. It is designed to be repurposed and reused, theoretically allowing it to be used to attack electric grids in several countries, including the United States, and possibly in multiple simultaneous attacks.
This builds on a post I wrote back in April titled “Technology, Terrorism and Modern Conflict” that was based, in part, on an FBI InfraGard meeting I had attended, during which risks to the electric grid were discussed.
So, the next time the power goes out, it may not be due to a passing storm or heavy loads on the grid. It may be a hacker.