The reality that cyberterrorism is a malicious force that transcends organizational sectors is gradually hitting home for anyone who keeps up with the news. Far from only targeting big retailers, criminal hackers hone in on governments, schools, and according to NetworkWorld, even charities. According to a tech specialist who carried out an investigation of his own, there is a new potential victim of hackers: national power companies. If these organizations are breached, the results would be nothing short of disastrous.
Crain Says Network Security at Power Companies is Majorly Lacking
In the wake of a series of cyberattacks on major businesses and government organizations, North Carolina-based tech expert Adam Crain had a hunch that major power companies were not guarding their internal systems with rigorous enough enterprise security to keep malicious forces out, according to The News Tribune.
Crain said he put this theory to the test the only way he knew would return definitive results: by attempting to gain access to the internal infrastructures of these companies. To his dismay, this was a relatively easy feat, and Crain soon found himself within various administrative systems. Where many hackers would use such an opportunity to begin exploiting a system, Crain put his findings to a useful end by informing various utility security officials, who quickly went about alerting power companies about what Crain had discovered and encouraging them to seriously evaluate their security systems.
The Implications of Crain’s Findings Are Deeply Concerning
Imagine a country without power. In fact, it is not difficult to conceive, since in 2003 something very close happened when 50 million people across the entire Northeast lost power due to an overtaxed electricity grid, according to TIME. At the time, the calamitous situation was met with widespread unpreparedness and exposed the very tenuous hold our country has on its power sources. In literally an instant, the event proved, a natural occurrence could lead to a temporary return to a pre-electric age. The 2003 incident led to a strengthening of safeguarding systems within the electric grid design. These included more robust measures to protect the facilities against inclement weather conditions and the prospect of getting overburdened.
But as Crain’s single-man attack illustrates, power centers have clearly not placed as much focus on virtual safeguarding as they have on strengthening physical defenses. Yet we live in an age when cyberattacks can be just as — if not more — damaging than bad weather. If a major power grid were to be criminally breached, the results could easily turn disastrous. It is not hard to imagine a scenario, for instance, where a simple breach of a system — much like the one Crain was easily able to begin carrying out — could lead to a loss of power for significant swaths of the country. And it would not take a great number of attacks to make a massive impact. According to Federal Energy Regulatory Commission numbers, all it would take is a malicious incursion on nine substations to eliminate power countrywide for more than 30 days.
Fortunately, a solution to this vulnerability lies in implementing better critical infrastructure protection features.