With growing uncertainty and tension in the political climate, many experts have started to speculate what the next world war could look like. Rather than resorting right to bombs, some leaders say we’re more in danger of a blackout. With just a few lines of code to the right control computers at key power plants, equipment could overheat and meltdown, sending the U.S. and Canadian grid into total darkness. And we have become so reliant on technology that much of the country would be “blind and unresponsive” to outside events.
For years, Pentagon planners have understood the danger of cyber attacks on our military networks. It’s not surprising that the Defense Department’s Global Information Grid is one of the most frequently targeted computer networks on earth. But the concern extends beyond information espionage on military networks, and into the tangible assets essential to our daily lives. If you look at it, the critical infrastructure that keeps the country running—from water-treatment facilities to pipelines to the electrical grid—is operated on industrial control systems. These industrial facilities and utilities are owned by private companies…and those companies are responsible for their own security.
The truly frightening part is that many of today’s control systems were actually installed years ago with very few cyber-security features. That’s a growing problem now that many of them have been patched into company computer networks, which are linked the Internet, and therefore vulnerable to hacking.
According to Melissa Hathaway, a cyber-coordination executive for the Office of the Director of National Intelligence, the list of potential adversaries is long and complex—ranging from disgruntled employees to criminals to hostile nations. Today, most experts already agree that China and Russia are probing our networks looking for vulnerabilities.
“If I were China, and I was going to invade Taiwan, and I needed to complete the conquest in seven days, then it’s an attractive option to turn off all the electricity, screw up the banks, and so on,” James Lewis, a cyber-security expert at the Center for Strategic and International Studies, says.
But could the entire U.S. grid be taken down in an attack?
“The honest answer is that we don’t know,” Lewis comments. “And I don’t like that answer.”
According to the chief of US Cyber Command, it’s a matter of “when not if” the US power grid is hit by cyber attackers. A recent high-profile attack that shut down power in Ukraine proves it is possible. The consequences were evident, and the attack lasted for a matter of hours. The question is whether such an attack could shut us down for weeks and months.
In Ukraine, a nation-state infected a power company with malware that shut down computers and turned lights off. But the company recovered in hours.
“The goal of a cyber attack like that against the United States infrastructure from a nation-state…is going to be not just to turn the power off, but to keep it off for an extended period of time or an extended area impacting millions and millions of people,” Cris Thomas of Tenable Network Security told reporters at Tech Insider. Thomas notes that an attack like that is something we’ve never seen before.
Still, the threat is still a concern to experts like Adm. Michael Rogers of US Cyber Command. Though unlikely, if a massive attack were to take place, the results could be devastating.
“Destroy nine interconnection substations and a transformer manufacturer and the entire United States grid would be down for at least 18 months, probably longer,” a government analysis obtained by the Wall Street Journal noted. Thomas calls this the “9 substation problem.” There are about 55,000 electric substations and 30 of them are deemed “critical.” If nine of those 30 were messed with, we would be without power for quite some time.
This may not be happening anytime in the near future, but it’s definitely something to think about.
Sources: Popular Mechanics, Business Insider