The document discusses cyber security threats to the US power grid. It notes that the power grid consists of over 300,000 km of transmission lines operated by 500 companies. Cyber attacks on critical infrastructure like the power grid are increasing in frequency and sophistication, which could have severe consequences. For example, a DDoS attack costing just $40 could overwhelm network links and cause a blackout. The document also provides examples of past cyber attacks on energy systems like Stuxnet and the 2015 attack on Ukraine's power grid that left 700,000 residents without electricity for 7 hours.

1. Cyber Security in
Power Grid
JISHNU PRADEEP

2. The US Power Grid
An electrical grid is an interconnected network for
delivering electricity from suppliers to consumers.
The U.S. power transmission grid consists of about
300,000 km (186,411 mi) of lines operated by
approximately 500 companies.
American homes, industries, and businesses are
deeply dependent on reliable electricity, so threats to
the consistent delivery of electricity put modern life
itself at risk.

3. Threats to the Power Grid
 Protecting the nation’s electricity grid from attacks is a critical
national security issue.
 Cyber attacks on key energy infrastructure—and on the electricity
system in particular—are increasing, both in frequency and
sophistication. These trends are alarming because the potential
consequences of a successful large-scale cyber attack.

4. Cyber attacks in Power Grids
 Infecting industrial systems, such as power grids, with malware is so simple that
there are 5-minute YouTube tutorials on how to do it. By overwhelming network
links with traffic in a DDoS attack, Internet users or cyber-terrorists can and
have removed the ability of utilities to communicate with their own electrical
grids, effectively causing a blackout.
 The estimated price for 24 hours of consistent DDoS attack is a mere $40, making
such attacks available to pretty much anybody.
 What makes this attacks worse? Difficult to spot, even when they are happening

5. Results in a ‘nightmare scenario’
 Stores closed. Cell service fails. Broadband Internet is compromised.
 Hospitals are operating on generators, but rapidly running out of fuel.
 Water supply will be hit.
 Commerce would be brought to a standstill.
 Transport and Communication lines disrupted.
 Crimes will surge.
 The geopolitical fallout could be even worse.
RESULT: Complete Chaos!
The scenario isn’t completely hypothetical.

7. Vulnerabilities
 The power grid is controlled by more than just a panel of
digital buttons.
 Grid operation depends on control systems—called
Supervisory Control And Data Acquisition (SCADA)—that
monitor and control the physical infrastructure.
 The U.S. electrical grid is decentralized network owned by
numerous local operators.
 Any smart meters connected to the internet can be easily
exploited.
The U.S. power grid is full of seams that can be exploited
by hackers.

8. Examples of Cyber Attacks on Energy
Systems
 Stuxnet (worm): It gained attention for the damage it caused at a nuclear facility in
Iran.
 Aurora: The planned cyber attack on a generator control system led to the
destruction of the generator and a fire.
 Slammer (SQL Server worm): The worm disabled a safety-monitoring system for
several hours and led to a temporary failure of a nuclear power plant’s process
computer.
 Shamoon (virus): The national oil company of Saudi Arabia, Aramco, reported in
2012 that this was responsible for damaging about 30,000 computers in an effort to
disrupt energy and oil production.

9. Attack on Ukrainian Power Grid
 Took place on 23 December 2015 and is a considered to
be the first known successful cyber attack on a power
grid.
 Hackers were able to successfully compromise
information systems of three energy distribution
companies in Ukraine and temporary disrupt electricity
supply.
 They took out 60 substations leaving 700,000 residents in
the dark. This attack was relatively short-lived (7 hours)
and benign. The next one might not be.

10. Steps involved:
 Prior compromise of corporate networks using spear-fishing emails with
BlackEnergy malware.
 Seizing SCADA under control, remotely switching substations off.
 Disabling IT infrastructure components(UPS, Modem).
 Destruction of files stored on servers and workstations with the KillDisk malware.
 Denial-of-service attack on call-center to deny consumers up-to-date information
on the blackout.

11. BlackEnergy3 and KillDisk Malwares
 What is it? BlackEnergy is a Trojan malware designed to launch
DDoS attacks, download custom spam, and banking information-
stealer plugins.
 Function: BlackEnergy malware was known to have been used to
deliver KillDisk, a feature that could render systems unusable and
could obliterate critical components on an infected system.
 Who is responsible? The Ukraine attack has been attributed
to Sandworm, a Russian cyber espionage group known to have
been harassing Ukrainian officials.