Yesterday researchers confirmed that a power outage in Kiev Ukraine on December 17th was a cyber-attack. See BBC article http://www.bbc.com/news/technology-38573074
So what? I wasn’t affected; I don’t live in the Ukraine (that’s next to Russia right?). Oh you say it was similar to a power outage in 2015 wow even older news, again so what.
Remember the TV show Jericho? No, you probably don’t, not many people except my wife and I watched it, it was canceled after 2 seasons. The premise is that the United States had been hit by an EMP (Electro Magnetic Pulse) bomb as well as some nuclear devices and the show went on to chronicle the new dystopian future (dystopian futures have been getting a lot of airplay lately).
What Jericho showed was how impacted we are by energy, specifically electricity. As I watched the show I was amazed at how hobbled every aspect of our lives would be if we didn’t have electricity.
Forward to 2016, cyber criminals spend months sending phishing emails to power plant workers in Kiev. They plant malware and are able to get usernames and passwords to major components of the power structure. They get further access to the substations and overwrite the firmware preventing the power plant employees from having remote access to their sub stations. (See a great video of how this was done during the first attack in December 2015 http://www.bbc.com/news/technology-35686498)
Then on December 17th the criminals (maybe Russians, maybe Russian government, maybe Russian government funded hackers) unleash their plan. The power goes out in significant areas of Kiev Ukraine (the capital of the country) and the Power Plant Management doesn’t know what is causing it. They attempt to restore power to the substations remotely but they find they have no control remotely. Ultimately they have to go out to each substation and manually restart them. Problem solved.
You still with me? Why should you care? Because this sounds a lot like Jericho (just with hackers not bombs). And if an EMP bomb sounds like a stretch the idea of a cyber-criminal does not. The utility infrastructure in the U.S. is made up of numerous entities with a wide array of preparedness for cyber-attacks. If the Russian government did perpetrate this attack in the Ukraine (which is really likely because they are the same country that invaded the Ukraine and annexed Crimea) then what would stop a much larger full scale attack on the U.S?
Am I suggesting Russia has submarines waiting to land in San Francisco and Boston and invade the U.S.? No, but what kind of financial repercussions would an attack like this have to the United States? What if Russia (or China or even run of the mill anarchists) wanted to punish the United States for actions they didn’t like?
So no I don’t think we should all start singing REMs “It’s the End of the World as We Know It” but I also don’t think we should complacently sing the rest of the lyrics from that song either “And I feel fine”. Whoever shut down the power in Kiev showed just how powerful hacking can be, we all need to take this seriously and we need to ask our utilities and government agencies if they are ready. Because I prefer to watch TV shows about dystopian future, not live them out.