Tag Archives: Power Grid

Who Turned Off The Lights?

The security firm Symantec is reporting that hackers have compromised energy companies in the U.S. and Europe.

Well that sounds bad enough, but we have to ask the question “what do you mean when you say compromised?”

The answer is a little bit complicated.  Most energy companies, in a bid to make it tougher for hackers, isolate their operations network – the one that controls power generation and distribution – from the administrative network – the one where users get email and browse the web and such.

Except that life is never that clean.  The power companies, as part of their business, need to get data out of their operational network to manage the business, upgrade software and many other things, so the two networks are not really completely separate – but they do try hard.

Well, according to Symantec, in this case, when they say compromised, they mean that the hackers were into the network far enough that they could turn off your lights.

Symantec says that the group that they are calling Dragonfly is attacking energy grid operators, major electricity generation firms, petroleum pipeline operators and energy industry equipment providers.  Companies who were compromised were located in the United States, France, Spain, Italy, Germany, Turkey and Poland.

Assuming these hackers could really “flip the switches”, it would seem like they could do a LOT of damage.  And, depending on what they actually did, it could take a little time or a long time to fix.

Symantec says that this group is likely state sponsored.  Which state they aren’t saying, but I’m betting on Russia.

Symantec provides a lot of details on how the attack works, so if you are interested, go to the Symantec link below for more information.

You may remember that hackers – likely Russians – actually did turn off the lights in Ukraine in the dead of winter in 2015 and 2016.  It is not that far a stretch to think that hackers could do that to the U.S. energy industry.

Homeland Security has been working with the energy industry for the last several years to try and mitigate this threat and they probably have made some headway, but making headway and saying hackers can’t turn off the lights are two very different things.

Of course Homeland Security does not want the American public to panic, so they are going to try very hard to spin things into “this is not a problem;  we have it covered”.  If you believe that line, I have some land I want to sell you in the Florida Keys.

Unfortunately, there really isn’t a lot for the average bear to do.  You can’t fuss at the power company.  Well, you can, but they will likely call you a nut case.

Being knowledgeable on the situation and providing input when possible is a reasonable course of action.  Panicking is not.

I wish I had a better answer, but I don’t.

Information for this post came from Symantec and Wired.


‘Crash Override’ Might Take Down US Power Grid

What if the attack on the Kiev power station last Christmas, which killed power to a goodly chunk of the city, was just a dry run?  For what?

Security researchers at ESET and Dragos analyzed the malware used in the attack and say it represents a dangerous advancement in attacks on critical infrastructure.

Like Stuxnet before it, it was purpose built to damage industrial control systems.

The system, called Crash Override or Industroyer, is modular, with the ability to swap modules in and out depending on the particulars of the system it is attacking.

This version of the software knows how to directly talk to the hardware that controls the power grid, rather than attacking the workstations that manage the grid.  Given that it is modular, the attackers could configure it with particular attacks based on the control systems a particular plant uses.

By damaging the hardware, the attack would be much more difficult to recover from.  If the controls don’t respond, then engineers would need to go directly to the substations to try and recover.  Assuming there is a way to do that.  At some stations, there are no manual overrides, just automation.  Damage could mean that you have to reboot the hardware.  Or, it might mean that you have to replace the hardware.  That is what we saw in Ukraine.  Depending on how much damage it does, it could take time to recover.

The North American Electric Reliability Corporation or NERC has been working very actively with the utility industry to make it more resilient to attacks, but as the industry gets better, so do the attackers, so it is not a simple problem to solve.

This malware is also more automated than the software used in the 2015 Ukraine attack.  That attack took 20 people to attack 3 companies.  Experts say that with this new software that same team could attack ten or fifteen targets – or more.

Unlike Stuxnet, which is believed to be the work of Israel and the United States, this malware is thought to have come from Russian hackers.

The researchers note that this does not spell the end of humanity – although grid operators should be concerned.  They say that the malware is very “noisy”, meaning that it is not subtle as it tries to map out the network it is attacking.  If operators are watching their network, they will see the attack early, hopefully before it can do much damage.  Stay tuned.  Could Russia attempt to launch an attack in the U.S.?  Sure, it’s possible.  Could they try to attack more than one part of the grid at once?  Also possible.  Would they succeed?  That is the real question.  One that we don’t know the answer to.
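The “noisy” mapping the researchers describe is exactly the kind of thing an operator watching the network can catch. As an added illustration (not from the article or the researchers), here is a small Python detector that flags any source touching an unusual number of distinct hosts on the operations network inside a short window. The address range, the window, the threshold and the sample flow records are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Hypothetical operations-network range; the article names no addresses.
OPS_NET = ip_network("10.10.0.0/16")

def parse_flow(line):
    """Parse one constructed flow record: '<ISO time> <src> <dst>'."""
    ts, src, dst = line.split()
    return datetime.fromisoformat(ts), src, dst

def detect_mapping(lines, window=timedelta(minutes=5), threshold=5):
    """Return {src: max distinct ops-network hosts reached within any
    `window`} for sources that meet `threshold`: a crude detector for
    a host sweeping the control network rather than talking to its
    usual few peers."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst = parse_flow(line)
        if ip_address(dst) in OPS_NET:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (t_end, _) in enumerate(events):
            # Distinct destinations in the window ending at this event.
            recent = {d for t, d in events[: i + 1] if t_end - t <= window}
            best = max(best, len(recent))
        if best >= threshold:
            alerts[src] = best
    return alerts

def _ts(i):
    # Constructed timestamps, 15 seconds apart, starting at 10:00:00.
    return f"2017-06-12T10:{i // 4:02d}:{(i % 4) * 15:02d}"

# Constructed sample: an HMI polling its usual two controllers (normal)
# and one workstation sweeping eight substation hosts in two minutes (noisy).
SAMPLE_FLOWS = [
    "2017-06-12T10:00:00 10.10.1.5 10.10.2.11",
    "2017-06-12T10:00:30 10.10.1.5 10.10.2.12",
    "2017-06-12T10:01:00 10.10.1.5 10.10.2.11",
] + [f"{_ts(i)} 10.10.9.77 10.10.2.{20 + i}" for i in range(8)]

if __name__ == "__main__":
    print(detect_mapping(SAMPLE_FLOWS))  # only the sweeping host is flagged
```

In practice the baseline of “usual peers” per host would come from days of observed traffic, and the threshold would be set from that baseline rather than hard-coded.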

Information for this post came from Wired.
