Mocking cyberthreats to the grid, with squirrels

By David Ferris, Blake Sobczak | 01/15/2016 08:17 AM EST

A satirical website has gone viral this week, mapping hundreds of attacks on the electric grid by squirrels and other vermin. And while the tone is fun, the creator’s message is serious: The cybersecurity industry ought to put less focus on vague threats from abroad and more on concrete problems at home.

The site, Cyber Squirrel 1, maps "Successful Cyber War Ops" and links to news accounts of actual outages on the power grid. Squirrel attacks? 623. Birds? 214. Snakes? 47. China and Russia? Both zero — although Russia may have put one on the board in late December, researchers say.

Even if that turns out to be the case, Moscow is no match for squirrels.


"Squirrels take out power on an almost daily basis and yet you never hear about it," wrote the site’s creator, who goes by the pseudonym of Sandy Halflinger, in an email. "Cyber attacks have never taken out power, ever, and yet you hear about it all the time."

It’s a point cybersecurity professionals should remember while urging utilities to shield vulnerable computer systems, said Robert Lee, instructor at the SANS Institute.

"It’s a good reminder, and it’s not like [electricity] asset owners are making decisions based off of squirrel data," he said. "This is mostly a poke to the security community."

Lee said the website highlights the need to bring better, more reliable data to conversations about hackers and the power grid.

"If we’re going to talk about cybersecurity, we not only have to say, ‘Here’s what you can do to make it better without messing up your systems,’ but ‘Here are also measurable reasons why,’" he said. "You have to get a business case."

Chris Sistrunk, a former engineer who spent years working for a major power company, said in his experience, animal-related outages were the third most common threat to electric reliability, behind equipment failure and bad weather.

Still, that doesn’t mean utilities are off the hook for less frequent events such as cyberthreats, said Sistrunk, who is now senior industrial control system security consultant at Mandiant, a subsidiary of the FireEye cybersecurity firm.

"We need to do our due diligence, to do our best to cover the holes where we can," he said. While one of his former utility employers may be very good at responding to hurricanes, for instance, "you need to be able to practice responding to other events — including cyber," he said.

And squirrels.

Over the years, a menagerie of small creatures have wreaked havoc on grid equipment, routinely knocking out power to thousands of customers for hours at a time. Despite a cottage industry devoted to preventing such damage, animals chew through power lines, wander across transformers, or crawl into substations and snuggle up to the wrong piece of equipment.

A few examples from Cyber Squirrel 1: A hawk carrying a snake hit a high-voltage line in San Diego and ignited a brush fire; both died, according to an account by KGTV 10 News. A nesting bird knocked the lights out in Arnold, Mo., forcing the school board to conduct its meeting with camping lanterns, an article in Leader Publications said.

Sometimes the consequences can be serious. City Hall and state and federal courthouses ground to a halt one day in Rhode Island, when in October 2014 a squirrel knocked out power to all of downtown Providence, The Boston Globe reported. A wayward fox in St. George, Utah, took down a substation, cutting power that resulted in the death of a man tied to an oxygen machine, according to local news reports. In 1994, a bushy-tailed rodent temporarily took down the Nasdaq Stock Market, according to a New York Times report — a feat that would turn even the craftiest cybercriminals green with envy.

Cyber Squirrel 1’s creator claims to be a security professional. Halflinger told The Atlantic, "I work in the information-security field and am somewhat well-known, which is why I think attaching my name to the account would detract from its message."

"Sandy Halflinger" can be found on the Internet to be principal of a computer-security company called L0phT Heavy Industries, the owner of a defunct news site called Hacker News Network, and a veteran of the Army’s 7th Infantry Division. With any pseudonymous poster, such open-source background info should be taken with a wink and a hefty dose of salt. (EnergyWire could not confirm Halflinger’s true identity.)

That’s not to say Sandy is always tongue-in-cheek. The anonymous cybersecurity professional pointed out that electric companies are widely viewed to be "behind the times" when it comes to safeguarding their networks.

"But if we just focus on the fundamentals, the level of cyber security will increase dramatically and greatly reduce the risk of a power outage from cyberattack," Halflinger noted.

Not amused

Not all cybersecurity professionals were amused by the site. "I don’t think this is the right direction — we need to increase the awareness" of the threat from hackers, said Omri Green, co-founder of critical infrastructure security firm ICS². A cyberattack on the electric grid "can happen," he said, "and it’s better not to wait for this and then improve security."

Halflinger said "we are trying to illustrate that despite all the hype surrounding cyber war and the weaknesses of the electrical [grid] to cyber attack, the problem really isn’t that big."

The "cybersquirrel" author acknowledged that protecting electrical infrastructure from online threats is still important and included a caveat about a suspected grid cyberattack in Ukraine near the running tally of outages on the website.

That hourslong Dec. 23 power failure in several western regions of the country is still under investigation, but security researchers and the Ukrainian and U.S. governments are all confident malware was involved.

"Did a cyberattack cause a power outage in the Ukraine? My answer is yes," said Sean McBride, lead analyst for critical infrastructure at cybersecurity firm iSIGHT Partners Inc. "And I’m not going to attribute it to the squirrel team."