Ukraine, December 23, 2015: a worker at one of Western Ukraine’s power distribution centers watched helplessly as his computer was taken over by a hacker, who – with click after click of his now remotely controlled mouse – proceeded to take about 30 substations offline. Two other power distribution centers were hit at the same time, bringing the number of substations disabled to 60 and the total number of people without power to 230,000.
The culprit: a piece of Malware called BlackEnergy3, which had infected computers tasked with running the energy grid. Because the attackers changed users’ passwords, preventing them from logging in to stop the attack, and because the virus erased key monitoring computers, engineers were unable to immediately restore power. Eventually, hours later, power was restored using more traditional manual controls, but not before inflicting extensive damage to power control system that is still being remediated today.
The cause of all this chaos? It is believed someone at the power plant unknowingly open an infected Microsoft Word document. Makes one pause, doesn’t it?
Sure, this happened on the other side of the planet, but the United States is not immune to a similar attack. In fact, it’s already happened simvastatin 10 mg.
In 2014, it was reported that the US energy grid was attacked 79 times, and the modus operandi for the majority of them was similar to the Ukraine attack – the virus or malware was released through infected email. While the Department of Homeland Security has said such a thing is a “rare occurrence and unlikely to cause widespread damage,” hackers have still been able to infiltrate the US energy grid.
A restricted DHS assessment revealed 17 intrusions against the US energy sector by APT (advanced persistent threats) actors in 2014. While no power disruptions occurred – primarily because their intention was to steal data and maintain presence for future attacks – access was nonetheless gained. And because another of their goals is to engage in cyber espionage, hackers who have infiltrated a system can potentially still launch “a damaging or disruptive attack in the event of hostilities with the United States,” which the DHS concluded as being “possible but not likely.”
Some cybersecurity experts are wary of that assessment, however, saying that, while that conclusion might be based on politics, an attack is “way more than technically possible.” And because the US infrastructure is more reliant on automation, any disruption to power delivery, like the one in Ukraine, would be disastrous on a different level, disabling ATMs, cell phones, traffic lights, banking systems, health care systems, etc.
As individuals, we likely have no way to stop a nationwide power grid attack, but the scenario underscores the need to be aware of the continuous real threat in the world today. We should all look at our touch points to technology, have security at the top of our minds at all times, and ask:
Am I expecting that attachment from someone I don’t know, or even if I do know them?
When was the last time I ran updates or patched my system or device?
Did I share my password or information with anyone?
When was the last time I changed my password?
Do I protect all of my personally identifiable information?
Do I backup all my important information?
As we have become more reliant than ever on technology and the way we consume it, we must realize and accept the fact that the threats are real. Whether it’s family photos, important classified documents or email, we should all be aware of how we handle them and be cautiously skeptical when receiving things. Cybercrime has become a multi-billion dollar enterprise perpetrated by governments, organized crime, political activists, individuals and others groups with bad intentions. We can all do our part by making it harder for them to get a foothold, by using safe computing practices and protecting our personal information.