Hackers v Squirrels: who's the bigger danger to power grids?

News by Roi Perez

Cris Thomas from Tenable Network Security compares the damage done to the US power grid by animal life with the damage that could be done by those with more malicious intent, and asks: are we over-hyping the risk?

According to data from Cris Thomas, a strategist at Tenable Network Security, squirrels have been responsible for 879 power outages around the world.

Speaking at ShmooCon 2017, Thomas said the next most common cause is birds, either through nests, or as a result of excrement.

The significance of this data? Thomas is on the warpath against the FUD surrounding attacks on ICS, and against cyber-warfare experts who he thinks make “ludicrous” claims regarding the abilities hackers possess to attack and take down power stations in the US.

Thomas said, "It's really at an epic, unbelievable level some of the bullshit that gets peddled as fact by people at high levels of government and industry who are really spouting stuff they don't know anything about. We're trying to counter some of the FUD that's out there."

Thomas has been tracking animal-induced power outages since March 2013; since then he has found that not only are squirrels and birds a bigger threat to the power grid than hackers, they are also killing people.

After multiple claims that power grids could be ground to a halt by criminals, Thomas claimed a simple statistical analysis shows that this isn't correct.

Thomas's tracking shows a total of 1,753 animal-induced power outages. These incidents have totalled 78 days without power, leaving over 4.7 million people in the dark, and have caused the death of eight people.

By comparison, in actual cyber-attacks against infrastructure, such as those in the Ukraine, the outages only last for a few hours at most. Thomas claimed that shutting down the grid long term would take the physical destruction of equipment, not just computer hacking.

However, as Thomas highlights, “the power grid is vulnerable.” The US Federal Energy Regulatory Commission studied the grid and discovered that destroying just nine of the 55,000 substations across the US would black out the country for up to 18 months. Thomas described this as a "democracy ending event."

Backing this claim up, security researchers at iSIGHT carried out a similar study named Project Gridstrike, and determined that using publicly available information, an attacker could destroy 15 substations and trigger the aforementioned blackout.

And would such attacks even make sense? Thomas claimed that any nation state attacking the US will want to keep the lights on, so they can see what's going on. He goes on to opine that threat actors like North Korea or ISIS lack the resources to make such an attack happen.

ICS expert Edgard Capdevielle, CEO of Nozomi Networks, commented on the talk: “While the image of rogue squirrels storming a nuclear power plant is amusing, the scale of the threat they pose is relatively tame. According to Cyber Squirrel 1, having tracked 1,700 animal related outages, just five million people were affected – a crude calculation puts that at almost 3,000 per outage.”

Capdevielle added: “In contrast, if a malicious actor successfully penetrates the critical infrastructure, the scale of the devastation has the potential to be immense. An illustration is the very targeted cyber-attack launched against the Ukraine in 2015; that single event affected 225,000 people.”
