Following a suspected Russian cyber-attack on Ukraine in December that temporarily took down part of the electric grid around Kiev, technical experts studied the malware code used and have come to some concerning conclusions.
According to The Fifth Domain, the malware is believed to be capable of manipulating the circuit breakers and relays that manage the flow of electricity through substations, opening them to cause a blackout, while also deleting files as it goes to cover its tracks.
The malware was first discovered by Slovak security firm ESET, which, along with U.S.-based industrial-cybersecurity firm Dragos, has published technical analysis of the program. ESET refers to it as "Industroyer"; Dragos dubbed it "Crash Override."
“The potential impact of malware like this is huge,” Robert Lipovsky, an ESET researcher, told The AP. “It’s not restricted to Ukraine. The industrial hardware that the malware communicates with is used in critical infrastructure worldwide.”
According to Wired, one of the more worrisome aspects of the malware is its adaptability: the grid-control protocols it speaks are used across Europe and Asia, and its design could be extended to North American systems as well, meaning it could have a direct or indirect impact on every American household. (North American utilities largely use a different protocol, DNP3, so an attack there would require a new module, but that is a small step for an adversary that has already built the framework.)
That adaptability comes from the malware's modular design: the protocol-specific payload modules that talk to a particular region's or vendor's equipment can be swapped out without rewriting the rest of the framework.
There are also fears that the program could be stepped up to target specific components so that physical damage is actually done to the grid, such as overloading power lines or overheating transformers, potentially triggering the sort of "cascading" failure that spills from one region of the grid to the next and takes down power across large swaths of the country.
“If this is not a wakeup call, I don’t know what could be,” Lipovsky warned.
Sources interviewed by Wired agreed.
“This is extremely alarming for the fact that nothing about it is unique to Ukraine,” Robert M. Lee, founder of Dragos and former intelligence analyst for an unnamed U.S. government agency, told the website. “They’ve built a platform to be able to do future attacks.”
It is worth noting that neither ESET nor Dragos would definitively state that the Crash Override malware was produced by Russia, but both expressed “high confidence” that the program is connected to a Russian-backed hacker group known as Sandworm. Neither would divulge how that conclusion was reached, but the conclusion of at least some degree of Russian involvement appears inescapable.
This doesn’t appear to be the sort of malware that could take down the entire electrical grid for weeks or months on end; more likely it could knock out a sector or two for a few hours to a few days. It nonetheless remains a concern, particularly because the program is believed to be so adaptable.
Regardless, this report should add impetus to the already urgent and ongoing effort to update and harden vulnerable points of the nation’s power grid against cyber attack.
What do you think of this report that Russia has malware that can take down a power grid?