Geez. You’d think with all this Russia hacking talk going on, our government would be doing some preventing. And, I’m not just talking about protecting our voting machinery.
This week, a large American law firm (DLA Piper) got shut down- phones and computers. As did a slew of hospitals. Merck, the major drug company.. Companies and organizations all over the world. This, despite the fact that years ago our government (and those around the world) made all sorts of noises about protecting our computer systems.
And, let us not forget, the Russians attacked the electric grid in the Ukraine. Ukrenergo (which supplies the bulk of power to the country) was the prime target. And, the attack sent good portions of the country into darkness- and cold. (I reported about this here. )
And, the current problem? The software that Russia used to destroy the Ukrainian grid can be easily modified to leave us all in the dark.
Hacking our electric grid has already happened in America. Although most of us failed to hear about it, since the news was kept pretty quiet. But in 2014, four electric utilities and a slew of energy companies were compromised by hackers. (I reported on the Burlington Vermont utility attack here. But, most news outlets never mentioned which of our sites that were hit. I guess our government thought that silence is golden.)
Crashoverride (I didn’t name this) is the hackware that obtains control of industrial control systems- just like the ones that run and maintain our electric grid systems. This hackware is not aimed at performing reconnaissance- but is focused to effect major disruptions of the systems it encounters.
This makes the software as potentially lethal as Stuxnet, the Israeli-US hackware developed to disrupt Siemens’ centrifuges- the ones that were being sold to Iran (despite the embargo). Yes, this means Crashoverride has capabilities that are extremely lethal.
Once Crashoverride gets its way into the Windows operating system, it seeks out computer systems that are controlling circuit breakers. And, then turns them off, which terminates power. (M$ promises that that it’s Defender software is effective against this attack. I’m not willing to risk my air conditioning and tv on that promise.)
Right now, no known versions of Crashoverride have been detected that attack the US electric system. (Hmm. Burlington Vermont???) But, the modifications are fairly simply to effect- and the results will be deadly. The experts say it would only be a day or two before we’d recover our systems after an attack. (One hopes they are correct.)
But, does anybody doubt how much panic a day or two without power for wide swaths of this nation would create?
Hmmm, widespread electrical outages caused by some wicked foreign power? Everyone in the dark? Well, the results of that should be apparent after about nine months or so!
That last part may be true- but it’s the ensuing two days or more when folks die due to lack of critical medical devices, air conditioning, heating, cooking, etc. that scares the living daylights out of me.