Incident Response, TDR, Vulnerability Management

Video shows simulated hacker attack on electrical grid

The possibility that a hacker could hijack the electrical grid should come as no surprise to security experts and government officials. But the graphic images that result from a simulated attack might, a former U.S. cyberczar said today.

A new video, produced in March for the Department of Homeland Security (DHS), but released Wednesday to The Associated Press, shows a hacker-controlled turbine shaking wildly until pieces break off and plumes of smoke fill the test lab.

"The techniques, the methodologies, the insight and the belief that this is possible has existed," Amit Yoran, former U.S. cybersecurity chief under the Bush administration and now chief executive officer of NetWitness, a network-based forensics provider, told today.

"The news, if you will, is that…they've constructed the simulation and…caused this physical piece of cable to damage itself," he said. "It mucks and it jolts and pieces come flying off and it generates a lot of smoke."

Yoran said the visual documentation that the video presents (it was created by the Idaho National Laboratory) may help officials better understand and garner support for securing the electric grid's supervisory control and data acquisition (SCADA) systems, long considered a viable target for terrorist hackers. The control system environment may be even more vulnerable than ever as components become increasingly interconnected with the public internet.

"We had a lot of proof that this was possible and it all sounded very much like a Tom Clancy novel," Yoran said. "But when you see it in a video, it is very easy to digest. You say, 'Wow this is powerful stuff. This is serious stuff.'"

Last year, the Princeton, N.J.-based North American Electric Reliability Group (NERC), which oversees the nation's power system, adopted eight permanent cybersecurity guidelines that extend to all bodies connected to the electric grid.

A NERC spokeswoman said the organization has no plans to comment on the video.

Yoran said that to stave off a real attack, officials must understand how the power grid's components interact and then make decisions based on risk.

"The control system world is not as simple to secure as a corporate network might be," he said. "It's very intertwined with the complexity of physical infrastructure and very interconnected and reliant on other components of the control system."

A DHS spokesman did not return a call for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.