Can the Russians Take Out Our Power Grid?

By David Fessler
Energy and Infrastructure Strategist, The Oxford Club

Market Trends

According to a new research report issued by cybersecurity firm Symantec, there is a hacking group capable of disrupting the U.S. power grid.

In fact, a new wave of attacks recently did just that.

The hacking group calls itself Dragonfly. And it’s been wreaking havoc on the power grids of Turkey, Switzerland and the U.S.

The group has been in operation since 2011 and has reemerged over the past two years with more frequent attacks.

Dragonfly’s attacks are becoming more sophisticated. And it doesn’t have to overcome technical hurdles…

In fact, according to Symantec researchers, there’s just one thing keeping Dragonfly from bringing down the entire grid: a lack of motivation.

Like so many other hacker groups, Dragonfly consists of ultra-smart individuals. Many speculate that most of the group is Russian because many of the code strings that have been found are in Russian.

However, some of the code is of French origin… but that’s likely just a tactic to throw the good guys off the scent.

In Dragonfly’s most recent attack, it compromised about a dozen utilities around the U.S. At least three of them said the operational side of their grids was hacked.

That means Dragonfly had access to virtually every component of the grid. Generators, switchyards and other key components were at risk.

Utilities have one network for administrative computers and a second one for grid operation. Utilities do their best to isolate the two, but they generally don’t achieve 100% separation.

All hackers need is a single juncture to hop from one network to the other… and then it’s showtime.

Not until two years ago was Dragonfly able to do this. That’s when it reemerged in what Symantec now calls the “Dragonfly 2.0” campaign. The group now has more sophisticated tools that make it harder for Symantec and U.S. government organizations to track it.

In 2014, Dragonfly successfully hacked into the administrative side of the power sector.

But the most recent campaign has targeted computer systems that control the grid.

Symantec believes Dragonfly is state-sponsored. The Russians have a long history of state-sponsored hacking.

Now that they have access to the grid side of the network, hackers are in the driver’s seat.

Our power grids are more vulnerable than they’ve ever been.

Hacking Into Nuclear Power Plants: The Safeguards… and Pitfalls

One of the power companies that the hackers breached was the Wolf Creek nuclear plant in Kansas. The electricity it produces is enough to power 800,000 homes.

Three power companies jointly own Wolf Creek: Kansas City Power and Light Company, Kansas Electric Power Cooperative, and Westar Energy.

Wolf Creek is a 1,200-megawatt nuclear plant. It’s been operating since 1985, and its license is good through 2045.

Fortunately, hackers weren’t able to access the operational network in this particular attack. Strict rules created by the Nuclear Regulatory Commission require an “air gap” between the operational computers and any outside network.

Nuclear facilities must also incorporate data diodes (one-way network links) into their network, meaning the operational system won’t accept incoming data that could infect the network.

Even with all these safeguards in place, our electrical grids are vulnerable. All someone needs to execute a “super hack” is a flash drive with a virus on it.

One such super hack took place at Iran’s Natanz nuclear facility. The Iranians built it for the sole purpose of creating enriched uranium.

There were barriers in place to keep outsiders off its network, not unlike those at the Wolf Creek nuclear plant. Yet somehow, the “Stuxnet” virus ended up on control computers in the Natanz plant.

The virus disrupted the timing of the hundreds of centrifuges that were enriching uranium. Experts believe that Stuxnet found its way onto the network via a flash drive.

It’s widely believed that the U.S. and Israel were behind the infection, though both have maintained their innocence.

In theory, an employee or contractor could sneak a similar device onto a Wolf Creek control computer. The virus would sit in the background until a specific trigger initiates it.

It could cause a valve to stay open on the nuclear reactor vessel. This would drop the water level in the reactor…

Exposed fuel rods would overheat, triggering a nuclear meltdown.

Something like this would create the kind of chaos seen at the Chernobyl or Fukushima nuclear disasters…

Melted fuel rods would spew tons of radioactive materials into the air. Prevailing winds could carry them over much of the Midwest and eastern U.S.

Thankfully, human error is still more likely than a hacker breach to cause an accident at a nuclear plant.

Back in 1979 at the Three Mile Island nuclear plant near Harrisburg, Pennsylvania, humans overrode the safety system that would have shut down the reactor safely. Instead, fuel rods overheated and melted, and radioactive gases and iodine spilled into the air.

The cleanup took 14 years and cost $1 billion.

But if a similar accident occurred today, it could be far more severe. The overall cost could be closer to $1 trillion.

The Three Mile Island incident triggered big changes in nuclear plant control design. Now nuclear reactor control systems are more reliable.

More importantly, they are completely separate from administrative computer systems.

It’s still probably easier to sneak a gun onto an airplane than it is to get a flash drive into a nuclear plant. If hackers ever gain access to a nuclear plant control system, it will probably be because someone on the inside facilitated it.

The Nuclear Regulatory Commission has received requests from the nuclear industry to ease operational security rules. But the recent power company breaches by Dragonfly prove that now is not the time to ease up on security.

It’s hard for anyone to understand the threat level of a cybersecurity attack or how one might get started.

Thankfully, there are several companies out there that focus on answering those exact questions…

If you’re interested in getting in on the action, check out a couple of cybersecurity ETFs: ETFMG Prime Cyber Security ETF (NYSE: HACK) and First Trust Nasdaq Cybersecurity ETF (Nasdaq: CIBR).

And feel free to share your thoughts or questions in the comments section below.

Good investing,