The United States Government put out a report this month outlining some very real vulnerabilities in the U.S. power grid and connected systems. While experts have known for a while that this is a vulnerable critical system, this is one of the first official reports stating that these systems are constantly being attacked by cyber villains.
The Congressional Research Service report, which was put out by the Federation of American Scientists, warns that potential terrorist-group or rogue-nation hackers are finding ways to insert malware into the internal systems that govern the U.S. grid.
The systems were built vulnerable, simply because they weren’t originally designed to be connected to the internet. However, advances in technology are leading to a concept known as the Smart Grid.
The Energy Independence and Security Act, Section 1301, states that aspects of the Smart Grid include:
- Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid.
- Dynamic optimization of grid operations and resources, with full cybersecurity.
- Deployment of “smart” technologies (real-time, automated, interactive technologies that optimize the physical operation of appliances and consumer devices) for metering, communications concerning grid operations and status, and distribution automation.
These technologies will drastically increase the ease of use and efficiency of the systems. However, since the technologies were not built on a secure platform or design, every external connection opens up a security hole for attackers to use.
“Hackers have used the BlackEnergy Trojan horse to deliver plug-in modules used for several purposes, including keylogging, audio recording, and grabbing screenshots,” according to the report. “The BlackEnergy Trojan horse has plug-ins that can destroy hard disks, which is useful in hiding their tracks once they are detected.”
The Sandworm Trojan, through spear phishing attacks, has been used to deliver the BlackEnergy Trojan into the SCADA systems, which targeted a specific piece of software, GE Intelligent Platform’s CIMPLICITY HMI solution suite. This software is used to monitor and control devices in an industrial environment.
Another virus that has been used is HAVEX, which opens back doors into systems, meaning attackers can launch attacks, possibly coordinated on a grand scale, at a later date.
The issue here isn’t necessarily nation-states monitoring the systems, because grand hacking attempts by them may end up bringing drastic consequences and retaliation by the U.S. The problem is that terrorist hacker groups, which are inherently very difficult to locate, do not care about this retaliation.
“A terrorist or similar organization would likely be undeterred by such a consequence [of potential retaliation], and may use the worm for its own purposes,” according to the report. “Given the potential for damage to the nation’s economy from a major cyberattack on the grid, some might suggest a greater focus on recovery is needed and should become as much a part of a cybersecurity strategy as are efforts to secure the system.”