Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 9 MINUTES AGO.
You are here: Home / Cybercrime / Could Hackers Knock Out the Lights?
Could Cyberattacks Knock Out Lights in the U.S.?
Could Cyberattacks Knock Out Lights in the U.S.?
By Matt OBrien Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
OCTOBER
13
2017
Hackers likely linked to the North Korean government targeted a U.S. electricity company late last month, according to a security firm that says it detected and stopped the attacks.

John Hultquist, director of intelligence analysis for FireEye, said Wednesday that phishing emails were sent on Sept. 22 to executives at the energy company, which he declined to identify. The attacks didn't threaten critical infrastructure.

It's the latest evidence of cyberespionage from various government-backed hackers targeting U.S. energy utilities, though experts say such attacks are often more about creating a psychological effect.

Could It Happen Here?

Concerns about hackers causing blackouts have grown since cyberattacks in Ukraine temporarily crippled its power grid in 2015 and 2016.

But a "zombie apocalypse" scenario is unlikely in the United States, said Joe Slowik of Fulton, Maryland-based security firm Dragos, which has researched the attacks on the Ukrainian grid.

"As a realistic scenario, it's very faint," he said. But, Slowik said, "somebody who is motivated and lucky enough" could cause significant harm.

Isolating Controls

It's easier to hack into emails and a front-end computer system than tap into industrial controls. That's why, in theory, most energy companies isolate their regular workplace networks from high-security control rooms.

The nuclear power industry, for good reason, is considered to be the best at such security practices. But some smaller and locally focused electricity providers fall short in creating an impenetrable wall around industrial controls, often referred to as an air gap.

"There's always some sort of a bridge, whether it's a human being in their sneakers, or a wireless connection," said Michael Daly, the chief technology officer for cybersecurity and missions at defense contractor Raytheon, based in Waltham, Massachusetts. "There's no such thing as a totally air-gapped system."

Geography Helps

One thing protecting the U.S. electricity grid from a large-scale outage is that it's segmented by region. Another thing is military might: Nation-state actors know that crossing the line from routine, long-term surveillance to a true attack on the grid could merit a powerful response.

Neither of those means those protecting critical infrastructure are doing enough.

"There are many reasons to target smart grids," said Daly. "Nation-states can learn a lot by watching power usage."

Or they could lay in wait, he said, with the aim of one day pulling the trigger and targeting a grid's customers by slowing down power or cutting it off completely.

The latest attempted intrusion spotted by Milpitas, California-based FireEye was notable for its boldness, said Hultquist: The malefactors didn't seem worried about being discovered.

That's a sign that even if foreign governments aren't yet interested, or capable, of turning out the lights in New York or Los Angeles, they might at least want to signal that they're thinking about it. Or they might be laying contingency plans to cause disruption in case of conflict.

© 2017 Associated Press under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CYBERCRIME

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.