- The most likely forms of cyber attack the national grid is vulnerable to
- The evidence that shows malicious attacks on the US grid have been attempted multiple times
- The low level of integrity in the current grid's defenses
- A checklist of backup systems at the home level every concerned citizen should work to have in place
If you have not yet read Part 1: The Electrical Grid May Well Be The Next War's Battlefield, available free to all readers, please read it first.
Cyber Attacks, Hacking, and Malware
The other main threat we should concern ourselves with centers on the highly automated nature of the electricity grid combined with the human propensity for mischief. As with everything these days, computer-controlled devices are at the heart of the entire electrical generation and distribution system.
Again from the same Peak Prosperity member quoted earlier:
Combine this with the known vulnerabilities of the SCADA [Supervisory Control And Data Acquisition] systems controlling the power grid and you have the recipe for a real coordinated and manufactured disaster.
US researchers have identified 25 zero-day vulnerabilities in industrial control SCADA software from 20 suppliers that are used to control critical infrastructure systems. Attackers could exploit some of these vulnerabilities to gain control of electrical power and water systems, according to Wired.com.
Nine of these potential exploits have so far been reported to the suppliers concerned and the US Department of Homeland Security.
In theory, an intruder could exploit the vulnerabilities simply by breaching the wireless radio network over which the communication passes to the server.
Unlike the "Heartbleed" zero-day bug that could be more or less addressed by software server patches, the SCADA systems are hardware boxes sitting out in the field. It's quite possible they are not upgradeable, or they were made by companies no longer in business, or whose programmers no longer support the system any more. "Uh, you want me to come up with a patch for THAT old system? Really? The guy who knew that code retired 10 years ago. I'm not even sure we have the source code anymore – or if it compiles – or if our build system can even compile for that CPU-type. And then we have to test it. We don't have any of those boxes to test it on anymore. And once tested, how exactly do we deploy this patch?"
If you've ever worked in a software organization, you'll know what I'm talking about.
No need to launch any supersonic missiles. If the US power grid is down, the US Navy won't be projecting power anywhere, since we'll be too busy trying to keep our people alive (and/or deploying what forces we have available into our own cities to prevent all those people who can't use their EBT cards anymore from tearing the place apart) to worry about what Russia is doing in their own backyard.
So – yes, asymmetric warfare. A coordinated cyber-assault supported with a kinetic attack on a select group of substations will…