Why America is not prepared for a Stuxnet-like cyber attack on the energy grid

A cyber attack on the energy grid could leave parts of the U.S. without power for six to 18 months, expert warns.

Opening circuit breakers is bad. Closing them again is worse.

When Russia attacked Ukraine's energy grid in December 2016, it opened the circuit breakers at the utility, causing a power outage that lasted about an hour. The attack could have been much worse, experts say. The Russians chose not to then close the breakers, which would have caused a phase shift in the AC power and fried the energy grid, requiring physical replacement of infrastructure.

The United States is vulnerable to just such an attack, experts warn. Although the distributed and segmented nature of the U.S. energy grid means that there is no single point of failure for the entire country, an attacker could still plunge the West Coast or the Northeast Corridor into darkness for months, a year or more.

"The Russians didn't want that [in Ukraine]," ICS security expert Joe Weiss tells CSO. "All they had to do was reclose the breakers. They chose not to."

This vulnerability has been known since at least the 2007 Aurora demonstration, but more than a decade later the energy grid continues to remain vulnerable.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!