Hackers Can Now Cause Blackouts On America's Electrical Grid, Report

Authored by Rick Moran via AmericanThinker.com,

It was inevitable that someday, hackers would have the ability to exert control over the U.S. electrical grid.  According to the computer security firm Symantec, someday is today.

Symantec says a campaign over the spring and summer of this year that targeted U.S. energy companies gained what the firm calls "operational access" at a handful of them: control of the systems engineers use to send commands to equipment, which is what it would take to cause a blackout.

The group, which Symantec calls Dragonfly 2.0, got into the networks of more than 20 targets, according to the firm.

Wired:

Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies' networks. And at a handful of US power firms and at least one company in Turkey – none of which Symantec will name – their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.

"There's a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage ... being able to flip the switch on power generation," says Eric Chien, a Symantec security analyst. "We're now talking about on-the-ground technical evidence this could happen in the US, and there's nothing left standing in the way except the motivation of some actor out in the world."

Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.

Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers' motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies – including a Kansas nuclear facility – known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.

Chien does note, however, that the timing and public descriptions of the Palmetto Fusion hacking campaigns match up with its Dragonfly findings. "It's highly unlikely this is just coincidental," Chien says. But he adds that while the Palmetto Fusion intrusions included a breach of a nuclear power plant, the most serious Dragonfly intrusions Symantec tracked penetrated only non-nuclear energy companies, which have less strict separations of their internet-connected IT networks and operational controls.

The first question I would want answered is, if they have that sort of control, why not exercise it?  Why no blackouts or service interruptions in the U.S.?

Hacking Sony or another private business is one thing.  Fooling with our electrical infrastructure is many orders of magnitude more serious.  If a sovereign nation were behind such an event, it would be tantamount to a declaration of war.  Unless the attacking nation was supremely confident that the hack couldn't be traced back to it, the nation would be unlikely to attempt it.

Causing a blackout in a major urban area would almost certainly result in many deaths.  We know this from previous blackouts in New York City, where the 2003 power outage is estimated to have resulted in 100 deaths.  This would be intolerable, and if the attack could be traced back to Russia or China, it would result in retaliation by the U.S.  We're no slouches ourselves when it comes to cyber-warfare, and we could almost certainly make any country pay dearly.

But in a time of war, that kind of control over our electrical grid could wreak havoc and sow confusion and fear among the populace. In the meantime, it would behoove the government to work with industry to harden our systems to prevent that kind of catastrophe. The Wired report also shows where to start: the non-nuclear utilities Symantec saw penetrated are the ones with the weakest separation between their internet-connected IT networks and the operational systems that send commands to equipment.

Comments

SmittyinLA Sep 9, 2017 7:38 PM Permalink

For 8 years Obama pushed the "smart grid": Internet- and sensor-controlled switches, unlike the old-school manual switches, which are not subject to hacking, Goldman Sachs, solar electrical storms and EMP attack.

goose3 Sep 9, 2017 7:32 PM Permalink

I don't have that much knowledge of such networks; would someone who understands this explain why, if our power networks are vulnerable to hacking, we don't have them disconnected from the internet? Seems like a simple solution; isolate the networks, problem solved.  Why isn't that an option?

libertyanyday Sep 9, 2017 3:53 PM Permalink

Most utilities don't use the equipment you can "call" to actually perform the trip/close of CBs. SCADA is still about 80 percent analog. You have to know what and how the equipment you are hacking is tied to the system; in other words, it has to be done by an insider.

Anteater libertyanyday Sep 9, 2017 4:26 PM Permalink

There is no reason whatsoever for any municipal or industrial SCADA system to be tied to the internet. They use radio to propagate their sensor readings and control commands; that requires someone within radio range, in-country, who can monitor those radio signals and override them, not some Dragonfly 2.0 digital pirates operating from Israel. Why make it easier by keeping the network on the internet!? Nuclear power plants must be 100% fiber, and entirely off the internet. That should be a Federal operating law. If you really have to use the internet to order pizza while the control rods are being raised, then use your cell phone.

In reply to by libertyanyday

oncemore Sep 9, 2017 2:44 PM Permalink

I have run two IT SCADA projects, utility e-grid. I cannot imagine that somebody can get network access from outside. Only if an insider gives him a password, and then it is not a hack but treason. Hacking a grid is a very small probability. As said before, without help from inside, almost impossible. How do you want to capture a server behind a DMZ? Let me say, THERE IS NO NEED FOR SUCH A SYSTEM TO BE ON THE INTERNET. WHY SHOULD IT BE CONNECTED AT ALL?

anonymike Sep 9, 2017 1:57 PM Permalink

Mistakes made controlling these systems can cause serious hardware damage, and programs like Stuxnet... News at 11... Dragonfly will then be N Korean backed... Then the lights go out someplace... tantamount to a declaration of war.  Then the US first strike will be AOK. The global financial elite needed this war really bad, to cover for the mess they've made of things... Before the grand finale of the ongoing GFC goes supercritical without some kind of political cover

TradingTroll Sep 9, 2017 1:50 PM Permalink

"Tantamount to a declaration of war"?

Oh, like when the Secretary of State sells out the US to the highest bidders? So we're at war with Saudi Arabia?

/sarc

From here on out, it's more chaos and lawlessness. The human race is increasingly psychotic. This is caused by living an increasingly bigger lie. There's the lie of democracy, then the holo 6 million lie, the lies about the state between Egypt and Jordan, on top of that is lies about climate change, Islamophobia, etc etc.

Try doing business with a new customer or get a job when you start out saying there is no climate change, the holo lie, the fake democracy and the dual threats of Islam and Israel.

Conformity pays the bills.

Politics and religious dogma may be putting our whole race at risk.

Maybe it stops before we pound ourselves back to the Stone Age.

petroglyph fiftybagger Sep 10, 2017 12:59 AM Permalink

Well, the power grid worked fine before computers. If you are looking for whose idea it was to make everything push-button and get rid of actual human beings, it is the same cast of characters. But if you are an engineer, you should know who designed it. I was in the industry since '71, when some of the exact equipment that is working today was being used. Some of this story is bullshit. Everything we installed had a manual bypass. The remote switching was just to get rid of labor. Even so, if someone hacks in and trips a substation breaker, it's not that big of a deal to drive out there and flip it back on manually. Armageddon avoided. That's why you keep a few employees around, even if they mostly just drink coffee.

In reply to by fiftybagger

dlweld Sep 9, 2017 1:40 PM Permalink

Yeah the US seems to think itself pretty good on the cyber attack front - but why does it leave critical cyber-defence to a few private companies? Surely this (cyber defence) should be a major major effort - get Microsoft to have to certify its products as non-hackable - including the older versions that a lot of utilities have integrated into a suite of customized operating software. Windows is not just a bit of proprietary software anymore - it's now morphed into a critical utility and should be treated as such.

Ryan Langemeyer Sep 9, 2017 1:30 PM Permalink

"...the 2003 power outage is estimated to have resulted in 100 deaths. This would be intolerable,..." And the hundreds and hundreds of thousands of deaths that the US Military has caused and continues to cause over the past two decades is........... tolerable? Serious, serious disconnect from reality in the USSofA.

Caveman93 Sep 9, 2017 1:31 PM Permalink

What a joke. It's built in. Most of these application devs use HTTP on TCP 80 for their GUIs. No wonder. Look at any security panel or HVAC GUI. To roll a C2 on any system is easy peasy.

ZazzOne Sep 9, 2017 1:22 PM Permalink

Ok, so the "Deep State" has capitulated that the scientific evidence does not support the fact that Kim Jong Un cannot actually successfully deliver and detonate a nuclear EMP 400 miles above the continental United States. So the Deep State needs to create a new boogeyman with the so-called ability to knock out the US power grid (for their inside-job false flag operation). Enter stage-right... the "Electric Grid Hackers"!!!!! Just remember that when the US electrical grid goes down en masse..... it's spelled f-a-l-s-e f-l-a-g.

Anteater ZazzOne Sep 9, 2017 4:38 PM Permalink

Remember the Pentagon was hacked entirely in 2012 of all civilian and military employee personal identity data, then hacked again in 2013 of all defense contractor data. The Pentagon is expert at getting hacked, and now their Procurement Office is losing $100Bs every year that they have no idea where it's disappearing to. $8,000 BILLION!! They blew through their 2017 budget in only 7 months! Congress had to meet in emergency session to bail them! Their 2018 budget has already been set at $54B higher! By next April, they'll have burned through that +10% and need another $50B bridge. The only way they can continue this extortion of American taxpayers is continual stress-positioning psyops, so nobody demands an audit. Largest corporation in human history, never been audited! Panetta promised an audit, then he bugged out fast when he got the first actuals. That was $1,000Bs gone MIA ago. So the Pentagon, meant to protect USA, will destroy USA.

In reply to by ZazzOne

Albertarocks fiftybagger Sep 9, 2017 2:58 PM Permalink

Exactly exactly.  I was going to submit a comment but it's as if ZazzOne was already inside my head.  He/she already posted my comment... damned near word for word.  With this BS warning they are trying to twist our thinking so that when they pull off the false flag we 'might' fall for the bullshit that "it was hackers".  Because god knows, they are absolutely desperate for some form of excuse that can be blamed for the coming crash and total global financial and monetary reset... which "they" themselves have been constructing for the past 40 years.

In reply to by fiftybagger

QEpp Sep 9, 2017 1:22 PM Permalink

"We're no slouches ourselves when it comes to cyber-warfare, and we could almost certainly make any country pay dearly."  I'm not sure about that.  What have we done to North Korea?

Atomizer Sep 9, 2017 1:18 PM Permalink

This entire story is being built off sublet subsidizing think tanks for CFR. Just ignore. The hard on is to get everyone on 5G. Let's put computers into your home, and make a decision for joe6pak 

i poop pink ic… Sep 9, 2017 1:15 PM Permalink

Only Sybase is smart enough to "discover" these hackers. Only Sybase is smart enough to "defeat" them. The Deep State must sign a contract with Sybase immediately to prevent further "hacking". 

There Sep 9, 2017 1:14 PM Permalink

Once again EQUF..cks proves it. American business and government don't care to understand how easy it is to disrupt cyber systems that are not properly protected. In every case of breach, it was possible to prevent it. Costly but doable. Our laws have not kept up. Another cost of doing business that ignores the real vulnerability. Hiding responsibility behind an inevitability attitude saves the Congress and CEOs but leaves us poor saps with the real damage. Real permanent damage is coming unless we take this protection seriously.

DCFusor tuttisaluti Sep 9, 2017 1:57 PM Permalink

Who needs those when there are SQL injection attacks, client-side validity checking, dynamic downloads of code for the server from unsafe sources, and a myriad of other defects put in by stupid code monkeys who only have a job because the big software houses made this "drag and drop" simple to do and a lot of morons can now be "web developers". To put it in NSA terms: no point breaking your crypto if we can simply grab the plaintext via a far easier side-channel. Most know very little about security. And yes, a lot of morons DO put SCADA on the internet (look up Dan Tentler on YouTube at DEF CON). A friend who builds these plants and consults on maintenance tells me that some idiot in the C suite always wants to watch his money machine work, remotely, and none of the SCADA stuff seems to have an easy "read only" mode... Only thing saving us is they "don't know what to do when they get in", e.g. what is this particular PLC/PID controller in charge of anyway; even the guys on site often don't know and it's poorly documented. "If architects designed buildings like programmers do code, the first woodpecker to come along would destroy modern civilization."

In reply to by tuttisaluti
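The IT/OT separation that the Wired excerpt singles out, and that several commenters argue about (keep the control network off the internet; give the executive who wants to "watch his money machine" a view that is not a full-access path), is a firewall policy question, so here is a worked audit of one. This is an added example and not code from the article, Symantec or any commenter: the zone names, addresses, rule identifiers and both rulesets are constructed sample data; only the industrial protocol port numbers are real well-known defaults.

```python
"""Audit a zone-based firewall policy for IT/OT boundary violations.

Added example; not code from the article, Symantec or any commenter.
The zones, addresses and rule identifiers below are constructed sample data.
Only the ICS port numbers are real, well-known protocol defaults.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Default TCP ports of common industrial protocols (real values).
ICS_PORTS = {
    502: "Modbus/TCP",
    2404: "IEC 60870-5-104",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# Hypothetical addressing plan. A CIDR that is not inside one of these zones
# (including 0.0.0.0/0, "any") is treated as the untrusted internet.
ZONES = {
    "it": ip_network("10.1.0.0/16"),   # corporate network, internet-connected
    "dmz": ip_network("10.2.0.0/24"),  # historian replica and jump host
    "ot": ip_network("10.3.0.0/16"),   # control network: HMIs, RTUs, PLCs
}


@dataclass(frozen=True)
class Rule:
    rule_id: str
    src: str              # CIDR
    dst: str              # CIDR
    dport: Optional[int]  # None means any port
    action: str           # "allow" or "deny"


def zone_of_net(cidr: str) -> str:
    """Zone of a rule's CIDR; anything broader than a single zone is 'internet'."""
    net = ip_network(cidr)
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "internet"


def flow_allowed(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> bool:
    """First-match evaluation with an implicit deny at the end."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst) and r.dport in (None, dport):
            return r.action == "allow"
    return False


def audit(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Flag every allow rule that crosses the IT/OT boundary in a way a
    segmented design forbids. Returns (rule_id, severity, message) tuples."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        sz, dz = zone_of_net(r.src), zone_of_net(r.dst)
        if sz == dz:
            continue
        proto = ICS_PORTS.get(r.dport, "any port" if r.dport is None else f"tcp/{r.dport}")
        if dz == "ot" and sz == "internet":
            findings.append((r.rule_id, "critical", f"internet can reach OT ({proto})"))
        elif dz == "ot" and sz == "it":
            findings.append((r.rule_id, "high", f"IT reaches OT directly ({proto}); go through the DMZ jump host"))
        elif sz == "ot" and dz == "internet":
            findings.append((r.rule_id, "high", "OT can open connections to the internet (C2 and exfil path)"))
        elif r.dport is None:
            findings.append((r.rule_id, "medium", f"{sz} -> {dz} allows any port"))
    return findings


# Constructed "as found" policy: the remote-viewing conveniences the comments
# describe, plus an HMI web GUI published straight to the internet.
AS_FOUND = [
    Rule("r1", "10.3.0.0/16", "10.2.0.10/32", 5432, "allow"),  # OT -> DMZ historian
    Rule("r2", "10.1.0.0/16", "10.2.0.10/32", 443, "allow"),   # IT -> DMZ dashboard
    Rule("r3", "10.1.0.0/16", "10.3.0.0/16", None, "allow"),   # IT -> OT, any port
    Rule("r4", "0.0.0.0/0", "10.3.0.50/32", 80, "allow"),      # internet -> HMI web GUI
    Rule("r5", "10.3.0.0/16", "0.0.0.0/0", None, "allow"),     # OT -> anywhere
]

# Hardened policy: OT only pushes to the DMZ historian, engineers reach OT
# only from the DMZ jump host, and everything else hits the explicit deny.
HARDENED = [
    Rule("h1", "10.3.0.0/16", "10.2.0.10/32", 5432, "allow"),
    Rule("h2", "10.1.0.0/16", "10.2.0.10/32", 443, "allow"),
    Rule("h3", "10.2.0.20/32", "10.3.0.0/16", 22, "allow"),
    Rule("h4", "0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]

if __name__ == "__main__":
    for name, policy in (("as found", AS_FOUND), ("hardened", HARDENED)):
        print(f"{name}: {len(audit(policy))} finding(s)")
        for rule_id, sev, msg in audit(policy):
            print(f"  {rule_id} [{sev}] {msg}")
```

Running it reports three findings against the "as found" policy (the IT-to-OT any-port rule, the internet-facing HMI on port 80, and OT's unrestricted egress) and none against the hardened one. The hardened ruleset answers the "read-only mode" complaint without trusting the HMI software to enforce it: the corporate side sees a historian replica in the DMZ over 443, while the only path that can send commands into the control network is a single jump host on a single port. The audit works on rule CIDRs, not live traffic, so it catches the policy mistake before a flow is ever permitted.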