WOOF! Newsletter

October 02, 2014

U.S. Networks are Vulnerable to Offshore Cyberattacks. So is our Power Grid.

Hundreds of cyberattacks are taking place right now. Most target datacenters, particularly in the U.S., in search of private data. But datacenters aren't the only target: power grids are also at risk, and the U.S. electrical grid is vulnerable.
Halloween is coming!  Here’s something to add to your IT scare factor.

On August 28, 2014, a cyberattack hit 300 energy companies in Norway. At least 50 of the companies suffered break-ins by hackers, looking for who-knows-what.

While that’s very troublesome for Norway, we have to wonder…could this kind of cyberattack happen in the U.S.?

Yes. And it’s going on right now.

You’re about to see a map that will scare you. Click this link.

The Live Threat Map (Maintained by Norse Corp.)

*Please note: For best results, view the map in Google Chrome.

This map displays the cyberattacks going on in the world right now. Every new line you see flying across the map? That’s a new cyberattack.

The #1 target of these attacks? The United States.

Where are they coming from? All over the world, but the top attack origins are China, Ukraine, the Netherlands and South Korea. Watch the map long enough and you’ll see attacks coming from many other countries too...even the U.S.

What are they after? Some are aimed at disrupting operations, but most of the time they are meant for data theft. As we’ve documented in the past, hackers, unscrupulous corporations and even nation states sponsor cyberattacks every day to steal data (financial, trade secrets, intellectual property, military intelligence, etc.) from individuals, competitors, and other nations.

You can see it in the attack targets on the Live Threat Map.

Major Corporate Targets: Mountain View (Google), Palo Alto (Facebook), San Francisco (Dropbox)
Major Datacenter Locations: St. Louis, San Francisco, Seattle

But datacenters are not the only targets appearing on the map. So are power stations.

Power Grids are Just as Vulnerable as Datacenters

Hundreds of energy companies targeted at once in Norway? Why?

From the article, referencing a similar attack in 2011: “The unidentified hackers made off with industrial drawings, contracts and log-in credentials.”

So, likely cyber-espionage: stealing data to sell, or to use later. What's particularly unnerving about these attacks is that log-in credentials and industrial drawings are exactly what an intruder needs to get into the energy companies' control networks, understand how the plants are wired, and shut them down.

Now, think about this happening to the U.S. power grid, because an attack like the Norwegian one could easily be a trial run for something larger.

We have not yet seen a cyberattack on the U.S. electrical grid on the scale of the Norwegian incident. But according to testimony before the Senate earlier this year, if such an attack comes, the power grid is virtually defenseless.

What Would a Power Grid Attack Look Like?

We don't have to speculate about what form an attack on the power grid would take. Recent events have shown us.

A large-scale cyberattack against the U.S. power grid would most likely target the control systems that run power generation and transmission. Much of that equipment runs on technology that is decades old, and breaking into either layer can disrupt power for thousands, even millions, of buildings at once.

Cybersecurity and the North American Electric Grid, a report issued by the Bipartisan Policy Center in February 2014, illustrates the vulnerabilities in electrical grid systems and estimates what it would take to defend against them. While the report credits the changes already made for better reliability, it nonetheless admits that more must be done.

The report's five recommendations for improvement are:
  1. Developing performance criteria and conducting detailed cybersecurity evaluations at individual facilities
  2. Analyzing systemic risks, particularly on the distribution system
  3. Analyzing cyber events as they occur and disseminating information about these events
  4. Providing technical assistance, including assistance in the use of new cybersecurity tools
  5. Cybersecurity workforce training and accreditation
All of these are solid recommendations and will no doubt help us defend against future cyberattacks. Trouble is, the attacks are already happening.

From July 2014: Reports Reveal Ongoing Cyberattacks on U.S. and European Energy Sector – Washington Post. A group called 'Dragonfly', believed to operate out of Eastern Europe, is breaking into energy companies' networks with malware and stealing whatever data it can reach. It's only a matter of time until one such attack ends in grid disruption.

We have even seen a physical attack on the U.S. power grid. In April of last year, unidentified attackers fired on a PG&E substation near San Jose, shooting at transformers after cutting the substation's communication lines.

PG&E was able to route power around the substation and keep the Bay Area's lights on. But that was one attack, carried out with guns. (And as of today, no one has been charged with the crime.)

This was a physical attack, not a cyberattack. But it makes one thing clear: the U.S. electrical grid is a high-priority target. A hostile nation or extremist group could launch hundreds, even thousands, of simultaneous attacks against the grid. How many millions would be without power then?

Businesses unable to operate. Military units unable to communicate with one another. Hospitals unable to keep people on life support. Food destroyed. Mass transit interruption. The list goes on.

What to Expect in the Future

Cybersecurity technology continues to advance, but so do cybercriminals' tactics. That's why we should expect more of what you see on the Norse Live Threat Map, not less.

The military is also organizing against cyberattacks through U.S. Cyber Command. Here's an article discussing Navy Admiral Michael Rogers' priorities for Cyber Command.
Cyber Military Branch: Rethinking Need – GovInfoSecurity.com

What Can We Do?

While the power grid is not ours to defend, there are steps every business can take to protect its people and infrastructure.
  1. Keep your network secure. Protect your servers and your users' PCs with enterprise-grade network gear and anti-malware/antivirus software that is kept up to date.
  2. Make sure all your servers run supported versions of their operating systems, so they still receive security patches.
  3. Retire servers older than 5 years. Aging hardware is less likely to survive an unexpected power shutdown intact, which means a higher chance of data loss and higher disaster recovery costs.
  4. Make sure your backups are working: check them and test a restore regularly. A backup that has never been restored is not known to work.
  5. Install gas or solar backup power for your critical systems, or move them to a cloud datacenter that already has backup power in place.
  6. (A note on targeting: small private datacenters are rarely singled out by name, but automated scanning hits every address on the Internet, so the basics above still apply.)
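Step 4 is the one most businesses get wrong, because a backup is only "tested" once you have restored it and compared the result with the live system. The script below is an added example, not part of the original newsletter or any vendor's tooling. It assumes a Linux host with GNU tar and sha256sum, and it treats a backup as good only if every file restored from the archive matches the source byte for byte. The sample files it backs up are constructed for the demonstration; point make_backup and verify_backup at your own directories to use it for real.

```shell
#!/bin/sh
# Added example: restore-and-compare test for a tar.gz backup.
# Assumptions (not from the newsletter): Linux, GNU tar, sha256sum, mktemp -d.
set -eu

# make_backup SRC_DIR ARCHIVE : write a gzipped tar of SRC_DIR to ARCHIVE.
make_backup() {
    src=$1; archive=$2
    tar -czf "$archive" -C "$src" .
}

# verify_backup SRC_DIR ARCHIVE : restore ARCHIVE into a scratch directory
# and compare a sha256 manifest of every regular file against SRC_DIR.
# Prints OK or FAIL and returns 0 only when the restore matches exactly.
verify_backup() {
    src=$1; archive=$2
    scratch=$(mktemp -d)

    # Refuse archives whose entries would land outside the restore directory.
    if tar -tzf "$archive" | grep -q -e '^/' -e '\.\./'; then
        echo "FAIL: $archive contains absolute or ../ paths"
        rm -rf "$scratch"; return 1
    fi

    # A truncated or corrupt archive must count as a failed restore.
    if ! tar -xzf "$archive" -C "$scratch" 2>/dev/null; then
        echo "FAIL: $archive could not be extracted"
        rm -rf "$scratch"; return 1
    fi

    # Manifest = sorted "hash  ./relative/path" lines for every regular file.
    expected=$(cd "$src" && find . -type f -exec sha256sum {} + | sort)
    actual=$(cd "$scratch" && find . -type f -exec sha256sum {} + | sort)
    rm -rf "$scratch"

    if [ "$expected" = "$actual" ]; then
        echo "OK: $archive restores cleanly and matches $src"
        return 0
    fi
    echo "FAIL: files restored from $archive differ from $src"
    return 1
}

# demo_run : end-to-end run on constructed sample data (not real backups).
# Returns 0 when a fresh backup verifies and a stale one is correctly rejected.
demo_run() {
    work=$(mktemp -d)
    mkdir -p "$work/src/etc/app"
    printf 'db_host=10.0.0.5\n' > "$work/src/etc/app/app.conf"   # constructed
    printf 'hello\n' > "$work/src/README"                          # constructed

    make_backup "$work/src" "$work/nightly.tgz"
    verify_backup "$work/src" "$work/nightly.tgz"        # fresh backup: OK

    # Simulate a stale backup: the source changed after the backup ran.
    printf 'db_host=10.0.0.6\n' > "$work/src/etc/app/app.conf"
    if verify_backup "$work/src" "$work/nightly.tgz"; then
        rm -rf "$work"; return 1     # a stale backup must not pass
    fi
    rm -rf "$work"
}

demo_run
```

Run it nightly from cron against the previous night's archive and alert on any FAIL line; the path check matters because a tampered archive that extracts over /etc would do more damage than a missing backup.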