One does not have to go far these days to hear or read a story about Russian cyber interference affecting life in the United States.
There is one mode of meddling that could hit closest to home: a possible attack on the American power grid.
Three years ago, a group of Russian hackers by the working name of “Sandworm” were able to bring Ukraine to a standstill by shutting down its power grid through a type of malware. When launched, hackers were able to commandeer the cursors of the infected computers, leaving Ukrainian officials helpless. Now, there have been conversations that such an attack could be a precursor to something much larger on American soil.
About six months ago, the cybersecurity company Symantec released information about Dragonfly 2.0, a series of intrusions by a group of Russia-tied hackers that gained actual operational access to several energy operations systems worldwide, including in the US.
“They didn't just put some malware on the network like the Russians in 2015. They had gone that next step," says Andy Greenberg, a writer for Wired magazine who covers cybersecurity and privacy issues. "They crossed over into the operational network, where they could have started to flip switches. And that's a scary thing. They were actually taking screenshots."
Those screenshots, he adds, were even published by the Department of Homeland Security showing “control panels that you would use to start to cause a power outage."
Greenberg says even if a Russian entity (acting on the behalf of the Kremlin) could cause a blackout in the US, the matter boils down to whether they actually would cause one, given the potential implications.
“That's not an easy answer at all,” Greenberg says. “If they had caused this same kind of blackout in the US that they did in Ukraine — and to be clear the news now is that [Homeland Security] has pinned that American intrusion on the Russian government — there would certainly be retaliation against Russia, a serious one. It might be seen as an act of war… But that doesn't mean that Russia won't do this at some point in the future if they want to send a message of some kind.”
Going back in time?
Joshua Pearce serves as professor of electrical and computer engineering at Michigan Technological University. He calls the US energy grid “our greatest human achievement in terms of technology."
“Part of what makes our grid so resilient is also what makes it so susceptible to this type of attack, where, if they do gain control to the scantest systems, we could have massive blackouts and even possibly over a prolonged period of time,” Pearce says.
One solution to this issue could be taking power plants and other facilities off of the internet, bolstered by a new bipartisan bill in the Senate that is being supported by Sen. Angus King of Maine and Sen. Jim Risch of Idaho. The bill was inspired by what transpired in Ukraine: during the country's cyber attack, plants still running on old-fashioned analog switches were able to bring parts of the grid back up in hours instead of days.
Greenberg says such an idea seems simple as a way to lessen the country’s collective vulnerability to hackers, but it is not.
“We in the US in this recent incident experienced an operational network penetration also, so that network was also connected to the internet with the ability for these hackers to start flipping switches,” Greenberg says. “We don't know why it was connected, but it seems that there's always a kind of need for engineers to update their software or connect remotely. And so they tend to create that connection and then hackers exploit it.”
Adds Pearce: “We have to remember it only takes one infected USB stick stuck in the wrong port and then the other side can get infected as well. And we've used similar techniques before ourselves, so we know that it's certainly possible."
A multi-faceted issue
The system’s vulnerability, Pearce says, extends past cyber attacks into actual physical space. He references the 2013 attack on California substation in which a group of snipers took out 17 electrical transformers. It took 27 days to get the system back up and running, he says.
“If there was ever a coordinated attack between both cyber and physical, it would be relatively easy to take out a large section of the US grid and possibly for a very long time because it's not like these are transformers that you just pick up off the shelf,” Pearce says. “Some of the lead times are very long. So we're both vulnerable to cyber-based attack and a physical one without necessarily talking about major resources or extreme amounts of sophistication."
Pearce suggests the best solution may be to do what the Pentagon was already being doing: Create a federation of micro-grids. US military installations, he says, have started to become dependent from the civilian grid if need be by installing solar energy batteries that can produce power by themselves for an extended period of time — unlike the short-term solution that is provided by standard fuel-powered backup generators.
“If we want to have a secure grid and go full throttle on renewable energy, what it means is we need to break up the grid into a bunch of microgrids that still act together as a full grid, so that we still have all the benefits that we have today with our giant centralized grid while still having the security,” Pearce says. “So if a hacker gets in and destroys one of the microgrids, we only lose power for that particular facility or that town. We don't lose it for the entire Eastern seaboard."