The grid community has been on high alert all week following a discovery by researchers of malware designed to interrupt physical systems. On today's The Cutting Edge, E&E News reporter Blake Sobczak explains the nature of the threats and how the grid community is responding.
Monica Trauzzi: Welcome to The Cutting Edge. The grid community has been on high alert all week following the discovery by researchers of malware that's designed to interrupt physical systems. Here to unpack and make sense of it all is E&E News reporter Blake Sobczak. Blake, nice to see you. Thanks for coming on the show.
Blake Sobczak: Thanks for having me on.
Monica Trauzzi: So Blake, back-to-back warnings this week. What's the nature of these threats?
Blake Sobczak: So really there were three distinct cyberthreats that infrastructure operators and policymakers discussed this week.
First and perhaps most alarming was the so-called Crash Override malware, which really was laser-targeted on electric systems, but there were also two threats with tentative links to North Korea.
There was one group called Hidden Cobra that the Department of Homeland Security and the Federal Bureau of Investigation identified linking back to a series of malicious cyber campaigns to 2009.
Then there was also the WannaCry cyberthreat, which has been around since last month and which was discussed during a House hearing yesterday.
Monica Trauzzi: So we've talked about threats before on this show. What's different about these new threats this week?
Blake Sobczak: So certainly the most alarming is the Crash Override malware. What researchers discovered from two cybersecurity companies was that a cyberattack on Ukraine's power grid late last year may have been caused by this malware. This is highly, highly unusual. Really we have only one other example of malware impacting physical systems, and that's the Stuxnet worm that damaged Iranian nuclear centrifuges in 2010.
Now what's unique about Crash Override is it's really interested in specifically grid systems. At a very basic level it's designed to flip switches. It wants to open circuit breakers and cut off the flow of electricity.
Now the only known case we have of it being used out in the wild is in Ukraine, but U.S. grid operators are on high alert because they see how this malware could be repurposed to potentially attack the North American grid. It's a lot like a Swiss army knife. You can maybe add in new slots and change it up a little bit to go after the U.S. grid.
Monica Trauzzi: So then what does this mean for grid operations? How do we see the grid community responding to all of this?
Blake Sobczak: So the good news is that there haven't been any cases of Crash Override reported in the U.S. grid according to the North American Electric Reliability Corp., and obviously grid operators are going through a lot of defensive steps to ready themselves for this kind of attack.
There was a report released yesterday that indicated from NERC that no cyber event had even really had the potential to impact grid reliability in the U.S. last year.
That being said, what's disturbing about this malware is once it gets into a grid system, there's really not much that can stop it. It takes advantage of some rather insecure protocols that are used to communicate between control centers and, in this case, grid equipment that can be used to flip those circuit breakers.
So the U.S. grid community's really going to have to be thinking about how they're defending their control systems beyond just their perimeter defenses. That's what cybersecurity experts have been telling them.
Monica Trauzzi: So what have we seen from the Trump administration so far? Have they taken steps to protect and support the grid?
Blake Sobczak: Yes. So last month the Trump administration signed an executive order, President Trump signed an executive order related to critical infrastructure cybersecurity and federal cybersecurity. Really he wants to study the issue and task some of his senior staff with looking at how they can help the grid community improve its cybersecurity.
Now, so far the Trump administration has really demonstrated continuity from the Obama-era cyber policies and there haven't been any real radical changes in strategy or defensive approach. That may have to change as these threats evolve and we see more and more hackers willing and able to go after critical systems like the power grid, but it remains to be seen exactly what kind of approach Trump's going to take to that.
Monica Trauzzi: All right. Very interesting stuff. Thank you as always for making sense of it all for us.
Blake Sobczak: Thanks for having me on the show.
Monica Trauzzi: More Cutting Edge coming next Friday. We'll see you then.
[End of Audio]