I am a little puzzled why anyone thinks that millions of power grids across the U.S. are suddenly going to fail all at once. Pretty sure there's no disgruntled group out there big enough to cause such havoc.
Not sure at all, since the USA has only three main power grids in the first place, not millions. If you need more, there is plenty; just ask.
The U.S. power grid has been supplying countless people with power since its initial installation in the 20th century. The three main interconnections, or grids, that make up the entire power grid for the Lower 48 states of the U.S. are:
- The Eastern Grid: Covers the area from the east coast to just east of the Rocky Mountains. Parts of northern Texas are also covered by this grid.
- The Western Grid: This grid covers the area starting with the Rocky Mountains and continuing outwards to the west coast.
- The ERCOT Grid: The ERCOT, or Electric Reliability Council of Texas, grid covers almost the entire state of Texas.
With issues like outdated, failing infrastructure and hackers with the potential to cause outages, the U.S. power grid is becoming more prone to issues and outages across the country. Extreme weather and superstorms regularly cause outages that can be costly both to repair and for facilities that rely on power for mission-critical functions. The vulnerability of the U.S. power grid is a major reason why many business and home owners choose to install backup generators to keep essential functions running even when the power grid malfunctions. Many communities are also opting to install microgrids for an alternate power source. Microgrids can generate power via renewable sources such as solar panels or wind turbines, making them a more environmentally friendly and responsible option as well as good protection against power failure from the country’s major power grid.
How Power Grid Hacks Work, and When You Should Panic | WIRED
In 2017, it can sometimes seem like power grids are practically crawling with digital intruders. Over just the past four months, news has emerged that Russian hackers penetrated a nuclear power plant, that the same group may have had hands-on access to an American energy utility's control systems, that another group of Kremlin hackers used a new form of automated malware to induce a power outage in Ukraine—and now, this week, that North Korean hackers breached an American energy utility. Reading those headlines, you'd be forgiven for thinking that hacker-induced blackouts were a near-weekly occurrence, not a twice-ever-in-history event.
But as real as the threat of power-utility hacking may be, not every grid penetration calls for Defcon 1. Responding to them all with an equal sense of alarm is like conflating a street mugging with an intercontinental ballistic missile attack. What's publicly referred to as a "breach" of an energy utility could range from something barely more sophisticated than a typical malware infection to a nation-state-funded moonshot months or years in the making. Those incidents could also have vastly different consequences, from mere data theft to a potentially catastrophic infrastructure failure.
It's true that the last several years have seen a "stark spike" in hacking attempts on industrial control systems like power utilities, water, and manufacturing, says Rob Lee, a former NSA analyst who now runs the critical-infrastructure-focused security firm Dragos, Inc. But Lee says it's crucial to keep a sense of proportion: Of the hundreds of well-funded hacker groups that Dragos tracks globally, Lee says that roughly 50 have targeted companies with industrial control systems. Of those, Dragos has found only six or seven groups that have reached into companies' so-called "operations" network—the actual controls of physical infrastructure. And even among those cases, Lee says, only two such groups have been known to actually trigger real physical disruption: The Equation Group, believed to be the NSA team that used the Stuxnet malware to destroy Iranian nuclear enrichment centrifuges, and the Sandworm team behind the blackouts in Ukraine.
So when news arises that hackers have merely "penetrated" an energy utility—as North Korean hackers recently did—receive it with those numbers in mind, and not with the assumption that the next Stuxnet or Sandworm has dropped. "This is a world where people can die," Lee says. "If we come out and say it’s a big deal, it should be a big deal."
To that end, here's WIRED's guide to the different gradations of grid hacking, to help you dial in your panic to the appropriate level for the power-grid penetrations to come. And there will be more.
Step One: Network Breach
When government agencies or the press warn that hackers have compromised a power utility, in the vast majority of cases those intruders haven't penetrated the systems that control the flow of actual power, like circuit breakers, generators, and transformers. They're instead hacking into far more prosaic targets: corporate email accounts, browsers, and web servers.
Those penetrations, which typically start with spearphishing emails, or "watering hole" attacks that infect target users by hijacking a website they commonly visit, don't necessarily differ from traditional criminal or espionage-focused hacking. Most importantly, they don't generate the means of causing any physical damage or disruption. In some cases, the hackers may be performing reconnaissance for future attacks, but nonetheless don't get anywhere near the actual control systems that can tamper with electricity generation or transmission.
raised alarms when it revealed that North Korean hackers had targeted US energy facilities. A followup report from security news site Cyberscoop asserted that at least one of those attempts successfully penetrated a US utility. But a subsequent FireEye blog post indicated that its analysts had only found evidence that the hackers had sent a series of spearphishing emails to its intended victims—a fairly routine hacking operation that doesn't appear to have come close to any sensitive control systems.
Step Two: Operational Access
Hackers poking around an energy firm's IT systems should cause some concern. Hackers poking at operational technology systems, or what some security experts call OT, present a far more serious situation. When hackers penetrate OT, or gain so-called operational access, they've moved from the computer systems that exist in practically every modern corporation to the far more specialized and customized control systems for power equipment, a major step towards manipulating physical infrastructure.
In one recent hacking campaign, for instance, Symantec revealed that a group of hackers it named DragonFly 2.0—possibly the same Russian group reported earlier in the summer to have broken into a US nuclear facility—had gained operational access to a "handful" of US energy firms. The intruders had gone so far as to screenshot the so-called human-machine interfaces for power systems, likely so that they could study them, and prepare to start flipping actual switches to launch a full-on grid attack.
Step Three: Coordinated Attack
Even when intruders have "hands-on-the-switches" access to grid control systems, Lee says, using that access effectively is far harder than it might seem. In fact, he argues that all actions ahead of flipping that switch are just a preparatory stage that represents only about 20 percent of the hackers' work.