The NSA May Have Caused Your Last Power Outage (Sorry!)
Amidst reports of markedly decreased power grid reliability across the U.S., there has been a corresponding uptick in reported cyberattacks. The rash of outages reported over the last 4 weeks, coinciding with the outset of hostilities in Ukraine, could be taken to be weather-related, since the affected areas have reported rain or snow at the time of each outage. However, the outages have been too consistent and have occurred in the absence of high winds or other causative factors. Lasting 20-25 seconds each time, they have endured for too long to be due to “browning”, but not long enough to be caused by an adversarial cyberattack.
An adversarial nation seeking to cause a power outage would likely intend for the outage to endure for as long as possible, and any “fix” for such an attack would take longer than 25 seconds to implement. It is therefore now reasonable to conclude that these power outages are self-inflicted.
If we look back at prior DHS guidance on cyberattacks, including the 2014 IoT hack, we find that the U.S. Government has, in the past, asked the general public to “reset their routers” in order to remedy the problem of hijacked routers and other devices. In the time since 2014, router attacks have become more sophisticated and have been augmented to include code that makes them resistant to end-user resets and even to centralized reset signals sent out by ISPs or at the behest of U.S. Government entities.
Remedying these more sophisticated attacks requires that the electricity be cut, preferably to all affected devices simultaneously, so that the adversary-modified software cannot temporarily move itself into persistent memory within a router, for example. Cutting the power forces the restoration of the proper firmware that routers are programmed with at the time of manufacture.