The document discusses cyber security threats to the US power grid. It notes that the power grid consists of over 300,000 km of transmission lines operated by 500 companies. Cyber attacks on critical infrastructure like the power grid are increasing in frequency and sophistication, which could have severe consequences. For example, a DDoS attack costing just $40 could overwhelm network links and cause a blackout. The document also provides examples of past cyber attacks on energy systems like Stuxnet and the 2015 attack on Ukraine's power grid that left 700,000 residents without electricity for 7 hours.
2. The US Power Grid
An electrical grid is an interconnected network for
delivering electricity from suppliers to consumers.
The U.S. power transmission grid consists of about
300,000 km (186,411 mi) of lines operated by
approximately 500 companies.
American homes, industries, and businesses are
deeply dependent on reliable electricity, so threats to
the consistent delivery of electricity put modern life
itself at risk.
3. Threats to the Power Grid
Protecting the nation’s electricity grid from attacks is a critical
national security issue.
Cyber attacks on key energy infrastructure—and on the electricity
system in particular—are increasing, both in frequency and
sophistication. These trends are alarming because of the potential
consequences of a successful large-scale cyber attack.
4. Cyber attacks in Power Grids
Infecting industrial systems, such as power grids, with malware is so simple that
there are 5-minute YouTube tutorials on how to do it. By overwhelming network
links with traffic in a DDoS attack, Internet users or cyber-terrorists can and
have removed the ability of utilities to communicate with their own electrical
grids, effectively causing a blackout.
The estimated price for 24 hours of consistent DDoS attack is a mere $40, making
such attacks available to pretty much anybody.
What makes these attacks worse? They are difficult to spot, even while they are happening.
5. Results in a ‘nightmare scenario’
Stores closed. Cell service fails. Broadband Internet is compromised.
Hospitals are operating on generators, but rapidly running out of fuel.
Water supply will be hit.
Commerce would be brought to a standstill.
Transport and Communication lines disrupted.
Crimes will surge.
The geopolitical fallout could be even worse.
RESULT: Complete Chaos!
The scenario isn’t completely hypothetical.
7. Vulnerabilities
The power grid is controlled by more than just a panel of
digital buttons.
Grid operation depends on control systems—called
Supervisory Control And Data Acquisition (SCADA)—that
monitor and control the physical infrastructure.
The U.S. electrical grid is a decentralized network owned by
numerous local operators.
Any smart meters connected to the internet can be easily
exploited.
The U.S. power grid is full of seams that can be exploited
by hackers.
8. Examples of Cyber Attacks on Energy Systems
Stuxnet (worm): It gained attention for the damage it caused at a nuclear facility in
Iran.
Aurora: The planned cyber attack on a generator control system led to the
destruction of the generator and a fire.
Slammer (SQL Server worm): The worm disabled a safety-monitoring system for
several hours and led to a temporary failure of a nuclear power plant’s process
computer.
Shamoon (virus): The national oil company of Saudi Arabia, Aramco, reported in
2012 that this was responsible for damaging about 30,000 computers in an effort to
disrupt energy and oil production.
9. Attack on Ukrainian Power Grid
Took place on 23 December 2015 and is considered to
be the first known successful cyber attack on a power
grid.
Hackers were able to successfully compromise
information systems of three energy distribution
companies in Ukraine and temporarily disrupt electricity
supply.
They took out 60 substations leaving 700,000 residents in
the dark. This attack was relatively short-lived (7 hours)
and benign. The next one might not be.
10. Steps involved:
Prior compromise of corporate networks using spear-phishing emails with
BlackEnergy malware.
Seizing control of SCADA, remotely switching substations off.
Disabling IT infrastructure components (UPS, modem).
Destruction of files stored on servers and workstations with the KillDisk malware.
Denial-of-service attack on call-center to deny consumers up-to-date information
on the blackout.
11. BlackEnergy3 and KillDisk Malware
What is it? BlackEnergy is a Trojan malware designed to launch
DDoS attacks, download custom spam, and banking information-
stealer plugins.
Function: BlackEnergy malware was known to have been used to
deliver KillDisk, a feature that could render systems unusable and
could obliterate critical components on an infected system.
Who is responsible? The Ukraine attack has been attributed
to Sandworm, a Russian cyber espionage group known to have
been harassing Ukrainian officials.
Editor's Notes
Every single home, industry and business depends greatly on electricity and any sort of disruption to the power grid would put modern life at risk.
Of all the threats faced by the power grid, including weather, cyberattacks are the ones to watch out for. They are increasing in both frequency and sophistication.
By overwhelming network links with traffic in a DDoS attack, cyber terrorists can disable power grids, causing blackouts.
Any disruption to power grids would result in a nightmare scenario where all communication and transportation lines will be affected, bringing life to a standstill.
Moreover, with the advent of smart grid systems,
Blackouts such as this, shown in Watch Dogs, would exist not just in games but also in everyday life.
All the generating plants and substations are connected to a control center through a public network. Attacks are mainly launched through these decentralized networks. Even IoT smart meters connected to the internet become easy targets.
Examples of a few cyber attacks launched against energy systems.
World’s first power outage caused by hackers.
They successfully managed to compromise information systems of 3 energy distribution companies to disrupt electricity in Ukraine, leaving 700,000 residents in the dark for 7 hours.
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data.
Consumers were denied information about the blackout.
BlackEnergy is a Trojan malware that launches a DDoS attack to deliver the KillDisk malware, which in turn destroys files on information systems. A Russian group of hackers called Sandworm has been claimed to be responsible for this attack.