Opinion: Squirrels are bigger threat than hackers to US power grid
While fresh reports of digital assaults on critical infrastructure facilities have stirred the cyberwar saber rattlers, it's worth remembering that squirrels cause far more destruction to the grid than rogue nation hackers.
Reuters
The cyberwar drumbeaters have been stoking fears for decades about the potential of cyberattacks causing devastating physical damage. A litany of anonymous government officials quoted in articles regularly warn about coming digital strikes on power plants, gas pipelines, or water treatment plants. The perpetrators, they say, will be rogue nation hackers executing malicious code to pull off some kind of "cyber armageddon."
But until recently no such attacks have ever been confirmed and nothing approaching the kind of physical destruction the doomsayers foretell has taken place. And even though two recently reported incidents – one at and another involving – may qualify as real cyberattacks on critical infrastructure, recent history suggests we should all be wary of pointing to these incidents as signs that cyberwar is somehow imminent.
Every time stories in the media emerge about computer attacks that cause physical damage – usually supported by anonymous sources – eventually more reasonable people investigate those claims and disprove theories involving destructive cyberattacks.
One of the most commonly cited – yet erroneous – cyberevents involves several blackouts that affected Brazil between 2005 and 2007. The story goes that blackouts were the work of hackers. Even "60 Minutes" repeated that claim. Brazil's National Agency for Electric Energy, however, concluded that sooty insulators .
Then there was the in Turkey. No less than four unnamed sources claimed it was a cyberattack despite the fact that the pipeline owner said the valves involved in the blast weren't attached to any network.
Ever since Stuxnet, the computer worm discovered in 2010, many experts have warned that a torrent of other computer attacks on critical infrastructure would follow.
They had a smoking gun the following year when . While the plant's control systems were accessed by someone in Russia, that someone was the contractor for the water facility who happened to be on vacation in Russia at the time.
Even though Stuxnet is the only confirmed cyberattack leading to physical damage, a German incident is often lumped into the category of hacks that lead to property destruction.
and German government reports suggested that cyberattackers caused at an unnamed steel plant by causing the blast furnace to malfunction. And, again, no one has gone on the record confirming this story and the steel plant remains unnamed. While this event has not been conclusively disproven, there are enough missing facts to raise considerable doubt.
But over the Christmas and New Year's holiday, news stories about two more incidents are once again stirring up the cyberwar hawks.
The first event occurred at the Bowman Avenue Dam near Rye, N.Y., which is about 20 miles north of Manhattan. It actually occurred in 2013 but unnamed officials (surprise) speaking to The Wall Street Journal attributed some kind of breach of the dam's computers to Iranian hackers.
While the facts about what actually transpired at the dam are few, the incident did cause . But exactly what DHS discovered, the extent of the so-called "attack," or how the incident was attributed to Iran remains unknown. What's more, the dam has no electrical generation capability and its only electronically controlled item is a flood control sluice gate, which dam officials say has never been fully operational.
More facts are available surrounding the in which the regional power company blamed malware for turning off substations. Normally, such claims would be met with deserved skepticism from cybersecurity pros. In this case, however, a sample of the malware has been found, which to people who research such things is considered . But there's still debate as to whether the introduction of the malware into the power company's systems was the work of a nation state, cybercriminals, or simply a random infection that occurs in all kinds of systems daily.
So despite all the hype, fear, uncertainty, and doubt, we still don't have confirmed, indisputable cases of someone causing a power outage, or other major infrastructure damage, as a result of a cyberattack.
In fact, according to a former deputy director of the National Security Agency, the biggest threat to the US power grid isn't a cyberattack at all.
Yes, and other animals cause hundreds of power outages every year and yet the only confirmed infrastructure cyberattack that has resulted in physical damage that is publicly known is Stuxnet.
Perhaps we should focus less on cyberattacks and pay more attention to these furry adversaries.
C. Thomas (aka Space Rogue) is a strategist at the cybersecurity firm Tenable Network Security. You can follow him on Twitter.