October 16, 2019
Imagine this scenario: it is the middle of winter and freezing cold outside.
Suddenly, the lights go out and the heat stops working. Your entire neighborhood has lost power.
You don’t just lose electricity – you also lose your broadband internet connection and access to the outside world. Maybe one of your devices can find a WiFi connection, but the device is quickly running out of power and you have no way to recharge.
Food is spoiling and grocery stores are closing.
Gas stations are shutting down. Travel options are limited.
ATMs and banks are shut down.
Now imagine this power outage lasts for hours or days and it was caused by a cyberattack.
What would you do in a situation like this?
Cyberattacks have real-world consequences
In 2015, 230,000 people in Ukraine were victims of a cyberattack against electricity distribution companies that took out power for six hours in the middle of winter using destructive malware known as BlackEnergy.
Since then, governments around the world have been concerned about similar attacks against their own energy infrastructure. In 2018, the Congressional Research Service developed a report on the dangers of cyberattacks against U.S. power grids.[1] The threat looms large, as GreyEnergy – an upgraded version of BlackEnergy – lurks on the internet.
It is not just power grids at risk. Financial institutions are being blackmailed with alarming regularity and paying exorbitant ransoms to cybercriminals in order to avoid having their websites and online services come crashing down.[2]
(See the previous blog in this series on how to fight ransomware)
In some cases, extortion is a pretense and the real goal is destruction. In 2017, Russia launched a cyberattack against Ukrainian financial systems that escalated into a global epidemic that caused over $10 billion in damages worldwide. Although the attack was disguised as ransomware, data in particular systems was wiped out with military precision, ensuring it would not be recovered – even if the ransom was paid.
This is what can happen when well-resourced actors are determined to inflict damage. Recently, we have seen large DDoS attacks launched at financial institutions using botnets made from poorly secured Internet of Things (IoT) devices.[3]
With billions of new devices pouring into the ecosystem, the attack surface and vectors that malicious actors can exploit is growing exponentially.
USTelecom leads efforts to secure critical infrastructure
USTelecom takes cyber threats – especially against critical infrastructure – very seriously, which is why our cybersecurity team has multiple efforts underway to increase domestic and global cyber readiness and take defensive action against malicious cyberattacks.
In September, our Council to Secure the Digital Economy published Cyber Crisis: Foundations of Multi-Stakeholder Coordination, a blueprint for how ICT companies can respond when a major incident compromises significant systems and infrastructure. We specifically discuss and provide guidance for responding to destructive malware attacks against power grids and financial systems.
Through our Tri-Sector Working Group, we are helping secure energy and financial infrastructure, together with private sector stakeholders and the Department of Homeland Security, the Department of Energy, and the Treasury Department. By engaging key partners, USTelecom is building intelligence sharing initiatives and operational exercises designed to improve our collective defense posture.
Through constant innovation and ongoing investment in security, USTelecom members are providing leadership in these worst-case cyberattacks that can directly impact public safety and national security.
It is good to have a power outage plan. The Department of Homeland Security’s guidance on preparing for outages is a good place to start.
[1] https://fas.org/sgp/crs/homesec/R45312.pdf
[2] https://www.idtheftcenter.org/wp-content/uploads/2019/02/ITRC_Generali_The-Impact-of-Cybersecurity-Incidents-on-Financial-Institutions-2018.pdf
[3] https://www.zdnet.com/article/new-mirai-style-botnet-targets-the-financial-sector