Ukraine’s utility grid was attacked again last month.  Could the U.S. power grid be a target?

February 7th, 2017

by Glyn Cashwell, CHHS Extern

A recent December 2016 cyber attack in Ukraine has the public concerned that the U.S. could be the next victim.  Ultimately, whether a foreign actor decides to attack the power grid will likely hinge on foreign relations, as it appears that several foreign governments probably can take down the U.S. electric grid.  In explaining why our power grid might be attacked, the following are germane: the characteristics of the recent Ukraine grid attacks, the vulnerabilities in the U.S. power grid, and past cyberattacks waged against the U.S.

In 2015, the first cyberattack that resulted in a blackout occurred in Ukraine.  In that attack, over 225,000 homes lost power.  A more complex and recent cyberattack on Ukraine’s power grid occurred in December 2016.  Both attacks took the form of spear fishing, which carries malware through e-mail, and Distributed Denial of Service attacks, which block the availability of IT devices by overwhelming them with requests from multiple distributed devices.  Researchers have concluded that attackers infiltrated and infected relevant systems up to six months before unleashing the cyberattack.  Furthermore, the associated malware went through as many as 200 revisions and multiple parties contributed to the final product.  Marina Krotofil, lead security researcher for Honeywell Industrial Cyber Security Lab, concluded that the attack vectors indicate infected systems were used “as a training ground for R&D [(Research & Development)]” to improve upon cyberattack capabilities. Similar to the malware left dormant in Ukraine for up to six months before the attack, cybersecurity experts have detected malware throughout the U.S. electric grid.  Many of them believe that the malware is sitting idle and will be invoked when cyber-attackers determine that it is “the right time to strike.”

The U.S. electric grid is extremely susceptible to cyberattacks.  Foreign countries have the capability to invoke cyberattacks that could “succeed[] in taking down one of our power grids.”   More specifically, BlackEnergy, key malware used in the Ukrainian attacks, has “been detected in the software controlling electric turbines in the United States.” The northeastern U.S. power blackout in 2003 can be attributed to several trees and to electric operator ineptitude.  That blackout spread rapidly across the U.S. largely due to power grid interconnectedness, which especially makes it a significant target.  Vandals brought down 27 transformers in Metcalf, CA in April 2013, causing much more extensive damage than experts had previously anticipated.  Jon Wellinghoff, former Federal Energy Regulatory Commission chairman, explains that relatively small coordinated attacks, like the Metcalf attack could bring down the entire U.S. power grid.  He bases his assessment on the fact that there are only three electric grids in the U.S., and “if you bring down a limited number of substations in each of those interconnects, you cannot bring the interconnect back up again.

Clearly, the Trump administration has a big job ahead of it.  If Trump’s promise to support $1 trillion in infrastructure improvements covers modernizing the power grid, that would be a good first step.  Promoting microgrids, smaller power grids that can be isolated from the main power grid, also would improve power grid resiliency.  Further investments in renewable energy could also be an essential mitigation technique.


Print Friendly

Comments are closed.