By Jen A. Miller
Sept. 9, 2016
In January, V. Miller Newton, CEO and president of PKWARE, made his annual list of predictions for most likely cyberattacks of the year.
Number 3 on the list: The U.S. electrical grid will be attacked. He's been making predictions since 2011, and claims 95 percent accuracy so far (he also predicts that healthcare systems were at risk and that smart watches would be hacked).
"This country's infrastructure runs on antiquated technology and systems," he says. "We've already seen an electrical power grid hacked in December of last year in Ukraine," which blacked out 103 cities and partially blacked out an additional 186.
Cyberwarefare isn't new, but Newton and other security experts expect that these attacks will ratchet up and focus on anything that could cripple the U.S., whether that's shutting off something like the power grid, utilities, or water, or holding financial institutions or Fortune 500 companies ransom. They also say the slow pace of government reaction isn't ready to keep up with the race to hack, which can leave the country vulnerable.
"You're talking about massive disaster. You're talking about a complete blackout of the whole infrastructure of the United Sates," says Idan Udi Edry, CEO of Nation-E.
Shutting systems down easier than you think
It's easy to see why shutting down a power grid would be disruptive. But what might not be obvious is that it can be easy, especially since critical systems are online, says Timothy Carone, a teaching professor in IT, analytics and operations at the University of Notre Dame's Mendoza College of Business.
"Software gets upgraded just like it does on your computer or iPhone," says Carone. "You have the same challenges upgrading elements of an electrical grid that you have with a regular computer."
So just like a computer or smartphone needs security patch updates, so do networks that run critical systems. If not addressed, those vulnerabilities are a way in for someone who wants to do damage.
"The western world, which is considered to be the leader in technology and innovation is actually the most vulnerable because of the effect of the digital age," says Edry.
Putting your thermostat or baby cam online as part of the internet of things (IoT) makes them vulnerable to hackers where they wouldn't have been before, the same is true for any infrastructure system.
"All of those assets and all of those integrations and vulnerabilities are opening themselves up," says Edry. "These are the most critical points. It's IoT of the Industrial size."
And these aren't a bunch of guys sitting in a basement trying to see how far they can get into someone's system either. They're criminal gangs, intelligence agencies or proxies for them, says Carone. And they're smart.