Russian Hackers Breached U.S. Electric-Utility Control Rooms

By   ISBuzz Team
Writer , Information Security Buzz | Jul 24, 2018 10:30 am PST

It has been reported that hackers working for Russia claimed “hundreds of victims” last year in a long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said.

Ofer Maor, Director of Solutions Management at Synopsys:

ofer maor“While it is hard to guess the specific end game in this attack, it is quite clear that having the ability to shut down a country’s electricity can be an immensely useful weapon during war or a massive conflict. It is unlikely for Russia right now to issue mass blackouts, though independent hackers might use an attack like this for ransom purposes, demonstrating their capabilities for blacking out, and demanding money to restore it.

“There are two parallel drivers which accelerate these attacks. The first is the advancement in technology of industrial control systems. Older systems tend to be simpler, and offer less (if any) remote control over them. The new industrial control systems are all designed to be networked and controlled remotely, which of course opens them up to attackers. The second is the increase in skill and motivation for hackers, whether those are state-level hacks or organised crime.

“It is hard to set a limit on the potential damage hacking industrial control systems can lead to. These systems today control our entire infrastructure  – electricity, water, transportation and more. Imagining an attack that causes a blackout is simple, but imagine a case where a vulnerability in a power plant’s control system can be used to bypass load limitations, driving the power plant to work overtime, leading to an explosion, or reversing a sewer pump to overflow sewers across an entire city.”