Infrastructure Is Exposed
The short answer is ‘Yes.’ Hackers can take down our power grid right now. How they can do it and why they haven’t done it yet should be a concern for all of us, not just the government or utility companies. As we’ve seen in the wake of Hurricane Harvey, loss of power can lead to fires, explosions and untold human suffering. It’s not the 1800s anymore. We are not set up as a society to function without power for our homes, businesses and national infrastructure.
So how can our power grid be attached by hackers? In for my latest novel, I explore a few of the incidents that have occurred and could occur. For example, most people don’t realize that Iran has already hacked one of our hydroelectric dams in Rye Brook, New York – the Bowman Dam incident. Using the internet and sophisticated tools, Iranian hackers actually took down the power at that dam. You can read more about it here.
Russia has, in effect, been using the Ukraine as a laboratory for infrastructure hacking, They have blacked out the capital city of Kiev several times over several days. We know they are enemies, but I believe Russia has bigger plans and what better way to test your capabilities than on a weaker foe.
Well you say, why not just disconnect our utilities from the Internet? Iran did that in 2010 by isolating their nuclear centrifuges from any external connections. Allegedly the U.S. and Israel still managed to hack into the centrifuges and set back Iran’s nuclear fuel production by years with the now famous Stuxnet virus.
Hackers And Social Engineering
How could we do that? I talk about that at some length in NOT SO DEAD. The key to the majority of successful hacks is ‘social engineering.’ For example, talented social engineers, aka hackers, calls your office, gets someone in administration, claims to be you and says, “Oh, I forgot my password and I’m on the road. Can you tell it to me?” More than half the time the admin will oblige. Really. Or too many people use ‘Password’ as their password. In the Stuxnet case, we had a confederate on the inside slip a flash drive, with the virus, into one of the networked computers that controlled the centrifuges inside the Iranian nuclear facility. The world and the Iranians might never have ever figured it out had not the virus somehow leaked out onto the Internet and been tracked down by some security experts.
Clearly, personal vigilance and training for yourself and your organization are needed to prevent socially engineered hacks and identity theft. But what about the bigger, more serious infrastructure vulnerabilities? Well despite our current leadership’s head in the sand on this issue, the U.S. does have the Defense Department’s Cyber Command (USCYBERCOM) with 6000 dedicated people fighting the Cyberwar both offensively and defensively. We clearly need more and better people and tools, despite being a world leader. China has already stolen highly classified technology, Russia has hacked our elections, and even North Korea wrecked havoc with Sony’s internal files. All documented and proven.
Mutually Assured Destruction
So if Russia or some other foreign power has the ability to attack our power grid in a big way, why haven’t they done it yet? The answer may be in an age old paradigm from the Cold War and Nuclear Threats, ‘Mutually Assured Destruction.’ Russia knows that if they did to us what they are doing in Ukraine, we would retaliate. I believe the U,S. already carried out some cyber retaliation to the Russian election hacking that has not been reported, butt sent a clear message to the Russians. “You mess with us and we can make you pay.”
So for now, both sides or I should say all major nations are building up their arsenals and their skills, just like the Cold War nuclear build up, both to prevent a major infrastructure attack and to carry one out if need be. Scary, yes. It’s the world we live in. What can we do besides being vigilant in our own security practices? Support and elect people with a will to believe in science and prepare the army, both for our own protection and to lead us into a safer future.