The American grid security story grows increasingly grim. Last week, security consulting firm Symantec warned that recent cyberattacks gave hackers direct access to the nation’s power grid on multiple occasions, according to a new report by Wired.
This time, not only the United States was exposed, said Symantec. Europe also experienced similar vulnerabilities, proving the hackers could have induced blackouts on both sides of the Atlantic. Thankfully, this apocalyptic scenario didn’t happen.
In spring and summer 2017, the Dragonfly 2.0 hacker group—a primary culprit featured in cybersecurity reports from many experts lately—launched campaigns against energy companies. They succeeded 20 times, hacking their way into full access to their target companies’ corporate servers and operations controls. This meant they could turn off circuit breakers that control the direct flow of electricity to homes and businesses.
“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage… being able to flip the switch on power generation,” Eric Chien, a Symantec security analyst, told Wired. “We’re now talking about on-the-ground technical evidence this could happen in the U.S., and there’s nothing left standing in the way except the motivation of some actor out in the world.”
The Ukrainian grid power blackouts of 2015 and 2016 are generally considered the first instances of cyberattacks wreaking havoc on a nation’s power supplies. Analysts believe that the perpetrator of the first attack on Ukraine’s power back in December 2015 was the Sandworm team, a group of hackers who previously targeted Europe and the United States. An updated version of their most lethal software, Blackenergy 3, was at the root of Ukraine’s initial power crisis.
Fast forward one year to December 2016, when Ukraine faced the CrashOverride virus, which could be the hackers’ “silver bullet” weapon, the researchers said. Deployed by Sandworm and a related group known as Electrum, it builds off of the malware capabilities in Stuxnet and the espionage nature of another virus called Dragonfly. Like Blackenergy 2, the virus connects to the internet, which allows it to leverage systems against themselves in a sophisticated, multi-stage attack.
This time, Symantec stopped short of blaming any specific countries, but did suggest possible perpetrators. The company also declined to comment on the hackers’ motives, though inducing a doomsday scenario would be a common end goal among any jihadists, Russian spies or other geopolitical foes of the American and European foreign policy agenda. Dragonfly 2.0 is the most likely culprit based on the timings of the 2017 campaign and Palmetto Fusion attacks, which targeted a Kansas nuclear power plant.
Poring through data on the most recent transgressions, Symantec tracked the hackers’ technique: sending fake emails with invites to corporate events. When the recipients open the invitations, it activates a software that takes screenshots of digital control panels running on engineers’ computers.
In July, the ongoing federal investigations on Russian involvement in the 2016 U.S. presidential election found that hackers who specialized in attacks against electric grids were employed by the Kremlin. There are several Russian hacker groups, and it hasn’t yet been determined which—if any—team was behind these efforts.
It’s clear that a solid defense against cyberattacks on energy and power companies is the only way to mitigate civilizational risk from the collapse of American and European utility systems. It almost doesn’t even matter who’s even behind them—we just need strong protection plans.