Power grids in the United States were reported to have been cyber attacked several months ago by a group of hackers. They were not able to trigger any outages or incidents. Drago, a cybersecurity firm, inspected the power grids for weak spots and tracked a group of hackers known as Xenotime, who created the malware Triton. Triton was also responsible for the attack on Saudi Arabia’s Petro Rabigh oil refinery in 2017.
Joe Slowik, a security researcher at Dragos, who is involved in the firm’s industrial control systems, has tracked Xenotime and stated that “There’s no sign that the hackers are anywhere near triggering a power outage—not to mention a dangerous physical accident—in the US. But the mere fact that such a notoriously aggressive group has turned its sights on the US grid merits attention”. Drago itself states that “[Xenotime is] easily the most dangerous threat activity publicly known”.
If the malicious attacks were able to infiltrate the system of the power grid, there are several incidents which would be harmful to society. If the hackers decided to shut down the system that supplies energy to households and businesses, this would disrupt society operations and activities, including community security. From there, the hacker could conduct other hazard and life-threatening attacks while the security system is down. Hackers could also directly manipulate the energy of the power grid. This would be a crisis; police and authorities should carefully take this possibility into consideration.
Other incidents of hardware system control-based attacks were illustrated by a VICE Youtube video filmed in Tel-Aviv, Israel, one of the most advanced countries in cybersecurity. For example, Ziv Levi, CEO and founder of Arilou Cybersecurity Company, was able to perform a penetration attack to manipulate a car system and control it however he liked. Another example: Barak Perelman, CEO and co-founder of Indegy, demonstrated how simple it was to hack into a water treatment facility and pollute the water. He conducted another attack, this time on the interface application that tracks the water reservoir. If an incident like this happens, individuals using the water would be affected.
All in all, cybersecurity attacks that could manipulate hardware control-systems should be seriously taken into account. This type of attack could easily trigger a life-threatening chaotic crisis.