Ukraine Power Grid Hack Could Happen in U.S.
The very same equipment that keeps the lights on in the Ukraine is used in the U.S.
For the first time ever documented, hackers found a way to sneak malicious code into the control systems of a power grid and used it to shut off electricity to 700,000 homes.
It happened in Ukraine two weeks ago, but it could happen here.
RELATED: Could Our Power Grid Ever Fail?
“The very same equipment that keeps the lights on in the Ukraine is used in the U.S.," said Ray Klump, professor and chair of Computer Science and Mathematics at Lewis University.
That's because only a handful of companies around the world manufacture the equipment that makes up the grid. No one is unique, and nothing about the Ukrainian system makes it more vulnerable than the network in the United States.
According to ESET, a Bratislava-based security software firm, malware caused the blackout on Dec. 23, which hit three different transmission lines in the western part of the country, in the Ivano-Frankivsk region.
RELATED: Can ISIS Hack The Electric Grid?
The malware flooded the digital network at three operation centers with a whole lot of computer gobbledy-gook, which prevented voltage and current data from getting through. Transmission lines got overloaded and since no one knew about it, the lines failed.
Trend Micro and iSight Partners, two U.S.-based computer security firms, confirmed ESET's findings.
Initial investigations show that the malware got into the system the same way malware could enter a power grid in the United States: a person opened an email and clicked on a link they shouldn't have clicked on.
“It's something we all fall for in every culture," said Klump.
That's why upgrading the power grid has been an active area of research in the United States for the last 10 years. Ideally, engineers build in safety systems so that if someone does click on one of those bad links, the malware gets cordoned off to a part of the network that doesn't impact the actual transmission lines.
It's a huge challenge to address and until it's fixed, all it takes is one mistake to wreak havoc.
“The people who are probably most shaken by this story are those who are already in the industry," said Klump.