Experts Warn of Possible Russian Cyberattacks on Power Grids
The cyberterrorist attack that knocked out an electricity transmission substation in Ukraine last year could be reproduced in other parts of the world, security experts warned on June 12.
Experts at the cybersecurity firm Dragos warned that the computer virus that commandeered industrial control systems at a Ukrainian substation on December 17 and shut down a fifth of Kiev’s electricity was “created as a framework to facilitate the impact of electric grids in other countries in the future outside the attack that took place with it … in Ukraine.” In other words, the malware was specifically designed to be easily modifiable for different targets across the globe.
Dragos calls the malware “CrashOverride,” and eset, a Slovak cybersecurity firm which collaborated with Dragos in its research, dubs it “Industroyer.”
Dragos’s report, titled “CrashOverride—Analysis of the Threat to Electric Grid Operations,” said the virus “leverages knowledge of grid operations and network communications to cause impact; in that way, it can be immediately repurposed in Europe and portions of the Middle East and Asia. CrashOverride is extensible and with a small amount of tailoring, [it] would also be effective in the North American grid.”
Russia’s Test/Threat Weapon?
Experts are pointing fingers at a notorious felon with a penchant for bullying and harming nations like Ukraine and the United States: Russia.
“The same Russian group that targeted U.S. [industrial control] systems in 2014 turned out the lights in Ukraine in 2015,” said John Hultquist, the director of intelligence analysis at the cybersecurity company FireEye. “We believe that [the 2015 Ukraine attack] is tied in some way to the Russian government—whether they’re contractors or actual government officials, we’re not sure,” he said.
And Dragos reported “with high confidence” that that same group has “direct ties” to the one which executed the CrashOverride attack in Ukraine last year.
The attacks in Ukraine were the world’s first-ever cyberattacks on electric-grid operations. Yet experts believe that both attacks were mere practice sessions for more serious attacks—if not blatant scare tactics.
Unsurprisingly, Russia denies any involvement in cyberwarfare, just like it has denied hacking the Democratic National Convention and attempting to manipulate the U.S. presidential elections. But there is overwhelming evidence that incriminates Russia. Consider: On June 13, the U.S. Senate passed a bipartisan bill to expand sanctions on Russia “in response to the violation of the territorial integrity of the Ukraine and Crimea, its brazen cyberattacks and interference in elections, and its continuing aggression in Syria.”
Russian President Vladimir Putin even conceded on June 1 that Russians with “patriotic leanings” could unilaterally execute cyberattacks. His comment, whether truth or casual deflection of guilt, brings little comfort to security experts who say the malware no longer requires state-level resources to modify; a computer science graduate student, they say, could easily repurpose the malware to attack U.S. grids.
Extent of Threat
If you use the Internet, or electricity for that matter, you are likely not impervious to cyberthreats like CrashOverride or Industroyer. Sue Kelly, the head of the American Public Power Association, said providers are “properly alarmed” by these cyberthreats. Michael Assante, a former chief security officer of the North American Electric Reliability Corp., warned that “U.S. utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems.”
According to usa Today, American power-grid infrastructure is attacked in some fashion—physically or electronically—every week!
“Unfortunately, many accounts of cyberattacks these days seem to produce yawns,” wrote the Washington Post in 2015. Such complacency might partly be a by-product of the genuine need for cybersecurity firms to “always balance a need to inform the public against empowering adversaries with feedback on how they are being detected and analyzed,” as Dragos noted. “Avoiding hype and fear should always be paramount,” wrote Dragos, “but this case study is of immediate significance, and this is not a singular contained event.”
The immediate significance of reports about cyberwar and potential cyberwar for the Trumpet is that the Bible’s coded language indicates the potential use of cyberweapons to instill fear, harm the economy, and cripple the military. One example is Ezekiel 7:14, which says, “They have blown the trumpet, even to make all ready; but none goeth to the battle ….” Trumpet editor in chief Gerald Flurry commented on this verse: “It seems everybody is expecting our people to go into battle, but the greatest tragedy imaginable occurred! Nobody goes to battle—even though the trumpet is blown! Will it be because of a computer terrorist?” (Philadelphia Trumpet, January 1995). We reproduced that warning in our March 2016 issue and asked, “What happens when the plug gets pulled?”