Compromising vital infrastructure: the power grid
Malwarebytes Labs offers this reminder about the vulnerability of our power grid.
Read the rest at the link.Where were you when the lights went out? That line became famous after the 1977 blackout in New York City. This power outage was caused by lightning and lasted for up to two days, depending on which part of New York you lived in. While in this case the power grid failure was a freak incident due to faulty backup equipment, it is still famous for the havoc it wreaked throughout the city—including looting and arson—during a time when national morale was already low.
Now imagine something similar happening today. Would it result in the same criminal chaos? My guess is it would depend on the circumstances and how much time it takes to restore power. Let’s hope we never find out.
Power grid hardware
The underlying hardware of the power grid has gone through a lot of improvements since 1977. And so have backup systems and procedures.
In many countries, a power interruption that lasts longer than a given threshold gives the consumer the right to claim damages from the power company. These damages are to be paid by the electricity distributor. The amount of the customer compensation and the threshold can be vary from one country to another, but you can usually look them up on the website of your provider.
This is not to say that it’s impossible to do physical damage if an attacker is determined enough, as the 2013 sniper attack on a California energy grid substation demonstrated.
Recent regulations and improvements have made it rare to experience power outages of more than a few hours in the western world—unless there are special circumstances, such as natural disasters. Tornadoes, hurricanes, earthquakes, erupting volcanoes, flooding, and wildfires can cause power outages, which makes dealing with those disasters even more difficult. Any other power outages are usually restored quickly or covered by backup systems.
Malware
We are aware of several malware variants that are used against power supplies, and some of them can be held responsible for major power outages around the globe.
Stuxnet is a worm designed to spread through Windows systems and go after certain programmable controllers by seeking out the software related to these controllers. Stuxnet is believed to be specifically designed to destroy the Iranian nuclear program, but it can also be used to bring down power plants.