As a marketing professional in the cybersecurity business for the last 20 years, I’ve watched the nature of cyber threats change and evolve over the years. Three years ago, I researched and wrote a paper on Nation State Threats to our critical infrastructure titled “Understanding nation-state attacks,” originally published in the international cybersecurity journal “Network Security.” While exploring the topic I read several books, questioned many knowledgeable industry insiders and met with a US congressman. It was eye-opening.
In that paper I reasoned that for several nations, offensive cyber operations are the best bet to gain advantage over the United States. Perhaps a generational opportunity for them. In particular, the risk to our power grid was considerable. I also predicted that we’d be better at protecting that grid in three years than we were then. I believe this has happened and it is a testament to the security professionals that watch over those networks.
However, in cybersecurity, it’s not the millions of attacks you successfully stop, it’s the one that gets through that gets the attention. Some very specific threats have escalated. An alert issued in March, 2018, by DHS’ Cybersecurity & Infrastructure Security Agency warned of “a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” [1]
The upcoming national election offers a unique opportunity for a cyberattack on our power grid. The current frenzied situation of voting concerns and conspiracy theories virtually ensures that the election will be a drama-filled event, at a minimum, and a constitutional crisis at the worst. It’s exactly the type of situation where a well-timed cyberattack, which compromises one or more power grids and creates a power outage, could have maximum impact.
If you add some well-designed misinformation to feed the information vacuum, a relatively innocuous 90-minute power outage in central Florida can be spun to have devastating effects on the election system as it gathers and counts votes. This is a story that will almost instantly go globally viral and it’s hard to put that kind of genie back in the bottle.
The trend in cybersecurity has changed from working to poke a hole in a network’s defenses and installing malware to execute an attack, to instead focusing on pilfering legitimate credentials via complex phishing assaults aimed at employees outside of the security sphere. Security experts speak of “dwell time,” a measurement of the time between a breach and its discovery. Reported dwell time averages from all sorts of businesses are often well over 100 days.
A breach of a power grid would likely follow this type of path. Credentials are stolen, then the system is visited to validate the credentials and to determine what level of administration is assigned to them, what data can be taken and what other systems can be compromised. In other words, a breach may have already taken place and an intimidating nation state actor is ready to screw with our power grid on election day.
Indeed, nations have been working on our election. Just last week, the New York Times reported that Russia’s elite hacking group, Energetic Bear, looks to be casting a wide net to find useful targets ahead of the 2020 election. [2] This same group has been responsible for hacks into the power grid, water treatment facilities and nuclear power plants.
In my 2017 paper, I suggested that if a nefarious foreign actor did have the ability to play games with our power system, they would likely save that capability until a time it would have the most effect as a terrorist attack. I mused that Super Bowl Sunday would be such a target that would terrorize Americans; a power outage on that day would get attention and make folks fearful of more.
Taking this logic further, the 2020 election is the epicenter of the most critical and unsettling period the United States has had in decades. On this day, even a small power grid breach, followed by a quick misinformation campaign, could be devastating to our country.
I document this prediction one week before the 2020 election for two somewhat obvious reasons: one, I feel very strongly about this and wanted to sound an alarm. And two, of course, should something occur, I wanted to document my concerns in advance of the election in this way. We should be prepared to be on high alert should any such outage occur and to expect misinformation to come quickly and be well done and well timed.
Now, as I stated above, I believe the security of our nation’s grid to be strong. The risk of the scenario I’m suggesting is low. However, my point here is that the risk is as high as it has ever been because of the opportunity represented by this historic election and period of domestic unrest.
Should we escape this particular fear as we go through the election process as a nation, it will be a validation of the security industry and the professionals that watch over these networks. If something does occur we can cross that bridge when it occurs, perhaps a little smarter once we understand the risk.
If you’d like to review the paper I published in 2017, you can download a PDF of it here. Please contact me directly if you’d like to discuss.
You can connect with me on LinkedIn: http://www.linkedin.com/in/ericlundbohm/
Follow me on Twitter @lundbohm
[1] Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors, A Technical Alert (TA) that is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). https://us-cert.cisa.gov/ncas/alerts/TA18-074A
[2] Russians Who Pose Election Threat Have Hacked Nuclear Plants and Power Grid, By Nicole Perlroth, New York Times, October 23, 2020. https://www.nytimes.com/2020/10/23/us/politics/energetic-bear-russian-hackers.html