Earlier this month, while speaking at RSA, Admiral Michael S. Rogers, U.S. Navy, Commander, U.S. Cyber Command, Director, National Security Agency/Chief, Central Security Service, warned that coming cyber-attacks could spell doom for not only the power grid but our entire financial infrastructure as well.
During his keynote speech at RSA, the world’s largest cyber security event, Rogers told attendees that it’s “matter of when not if” cyber hackers successfully attack the grid. He told the crowd that the December 23, 2015, cyber-attack in the Ukraine, where a group of hackers successfully penetrated the Ukraine power grid and took large segments of it offline, was a precursor to what we could see in the future.
Although we have presented evidence that this has happened numerous times in the past, the Ukrainian attack is the first publicly acknowledged hacker-caused power outage – one that left hundreds of thousands of homes without electricity.
According to Ars Technica, this “first-ever hacker caused power outage” used a new type of destructive malware called “Black Energy”.
According to researchers from AntiVirus provider ESET, the Ukrainian power authorities were infected using booby-trapped macro functions embedded in Microsoft Office documents. If true, once thought secure sectors could be anything but secure. Millions of people could be infected using simple social-engineering ploys that can easily bypass these complex security controls.
In a blog post published Monday, ESET researchers wrote:
Our analysis of the destructive KillDisk malware detected in several electricity distribution companies in Ukraine indicates that it is theoretically capable of shutting down critical systems. However, there is also another possible explanation. The BlackEnergy backdoor, as well as a recently discovered SSH backdoor, themselves provide attackers with remote access to infected systems. After having successfully infiltrated a critical system with either of these trojans, an attacker would, again theoretically, be perfectly capable of shutting it down. In such case, the planted KillDisk destructive trojan would act as a means of making recovery more difficult.
Cyber-Attacks on Financial Infrastructure
After talking about the risks to our power grid, Rogers went on to warn about another type of cyber-attack that he sees coming, attacks on our fragile financial institutions.
“What are going to do as a society when you go to your bank account, and the numbers don’t match what you think they should be?” Rogers asked. “What do you do if your business does financial transactions, and they don’t reflect what you are seeing?”
How vulnerable are we to attacks on our Infrastructure?
According to Damon Petraglia, a Cyber-Terrorism expert, and member of US Secret Service Electronic Crimes Task Force, our Infrastructure is “very vulnerable to attack.” In fact, he warns that 18 defined Critical Infrastructure Sectors have been vulnerable for some time now.
There are 18 defined Critical Infrastructure Sectors:
With an attack similar to what we just saw in the Ukraine, all of these previously thought secure sectors could be vulnerable to outside attacks.
How bad could it get?
Back in 2012, Petraglia was already warning how vulnerable we are to the threat. When talking to us about the infamous Stuxnet virus, Petraglia warned:
Stuxnet most likely entered the systems on an infected USB device. This is a very low-tech way to initiate a very high-tech attack. It is also the most effective by attacking the weakest link; the human element. What this really means is, for some reason a human being was compelled to put a USB device into a computer used to control the ICS.
Now imagine code similar to this being used across multiple critical infrastructure sectors. Imagine causing nuclear reactors to either meltdown or shut down while disabling emergency communications throughout geographic areas of the United States.
What can you do to Prepare for an attack on our Infrastructure?
In my book, The Ultimate Situational Survival Guide, I devote a lot of time to this specific topic. This country’s emergency managers have no real contingency plans to deal with a large-scale cyber-attack. You need to be prepared to survive for an extended period of time without power, access to food and water, and essential services. Take a look at the above 18 sectors, and have a plan for attacks on all of them.
Stock up on Food, Water, and Emergency Supplies: During a long-term grid down situation, food and water will be the most important supplies you can have. Our entire infrastructure is incredibly dependent on the grid; if something causes it to go down for any length of time, you are going to see widespread panic and chaos.
- Stock up on long-term food and water.
- Stock up on things like Emergency Flashlights.
- If you live in an Urban area, check out these essential Urban Survival Tools.
Start becoming more Self-Reliant: Over the last couple of decades, the world has seen an unprecedented spike in technology and access to learning. Unfortunately, this has created a world full of dependents that now lack the resources to live without those technologies.
- To prepare for the danger, these 32 resources and skills are all things that you should know.
- When it comes to preparedness, one of the most important things you can do is to put together a plan of action. Check out these 27 Essential Preparedness Tips, Skills, and Resources.
- Having a well thought out evacuation strategy is an essential part of any emergency preparedness plan. Check out our resources for creating a Bugout Plan.
Have cash on hand: During any grid down situation, your debit and credit cards are going to be useless. You need to have cash on hand to buy last minute supplies and to deal with the initial stages of the disaster.
Stock up on Firearms: During any type of long-term power outage, security is going to be a top priority. If the grid goes down for any length of time, chaos is going to quickly sweep the streets, and social unrest will be one of the top threats you face. The unprepared masses are going to be unpredictable; in all likelihood, they will become a threat to your safety.
- The Pros & Cons of Gun Ownership
- Tips for Buying your First Gun
- Stress Response Training: The missing ingredient in Firearms Training
Stock up on Backup Power: Solar Chargers, power generators, and portable battery backups are all things you should invest in. For a very small amount of money, you can help ensure your ability to run things like emergency radios, ham radios, tablets, flashlights and other emergency gear.
Emergency Communication: When the power lines go down, and the internet stops working, you’re going to need a good communication plan in place. Having a SHTF Emergency Communication Plan will allow you to send and receive critical emergency information during a disaster. It’s also a great way to find alternative news sources from around the world — news you won’t hear on your favorite cable news channel.