Cybercriminals could cripple the US by targeting just 10 critical components in an electrical network, experts have revealed.
The attack would begin with ‘a series of cascading failures,’ first shutting down essential service providers, like 911 call centers and healthcare providers, and then spreading to critical infrastructure.
Americans would lose access to energy, water, financial services, public transportation and cell phone networks, resulting in severe ramifications.
Morgan Wright, a former senior advisor in antiterrorism at the US State Department, told DailyMail.com that ‘civil unrest’ and a ‘breakdown in the social order’ would soon follow.
The world had a taste of what a cyberattack could do when a flawed update was issued by cybersecurity firm CrowdStrike last month, causing 8.5 million Windows computers to malfunction.
The misstep impacted airlines, banks, supermarkets, TV stations, and many other industries worldwide.
Microsoft experienced a second outage on Tuesday, which impacted many of its services and companies that use its tech for about 10 hours.
The tech giant later admitted that its services were taken down by a Distributed Denial of Service (DDoS) attack that was ‘amplified’ by an error in the company’s cyber defenses.
Eric O’Neill, a former FBI counterterrorism and counterintelligence operative, told DailyMail.com that foreign spies have spent over a decade looking for security holes in infrastructure to leverage for conducting catastrophic cyber attacks.
They have already found ways to disrupt America’s fuel, power, water, communications, and education systems as they look to exploit our reliance on these essential resources, he continued.
An attack of this kind would have dire consequences for US citizens, including killing Americans on their soil, warned Nicholas Reese, a cyber expert and adjunct instructor at the Center for Global Affairs at New York University.
He explained that a cyberattack on 911 call centers would deprive patients of urgent medical care.
Meanwhile, hospitals would see a disruption in intensive care units and operating rooms, causing medical equipment to falter and patients to die.
‘Deliberate large-scale attacks on critical infrastructure would not be executed with the goal of inconvenience,’ Reese said.
‘They would be executed to cause domestic turmoil as a means of power projection.’
Describing an attack on this scale as a ‘significant act of aggression’ against America, Reese suggested it would require a serious response from the government.
That could mean the nation is dragged into a military conflict with the perpetrator.
Cybercriminals are aware that taking control of essential resources, like energy and water, would be the way to cripple the nation, the experts said.
This was experienced in 2021 when a hacker group known as DarkSide shut down the Colonial Pipeline that supplies oil to much of the US East Coast.
The five-day disruption caused localized shortages of gasoline, diesel fuel and jet fuel, which led to panic-buying as consumers feared gas would run out.
‘We saw a microcosm of how citizens would respond during the Colonial Pipeline ransomware attack,’ explained Wright.
‘There was a run on gasoline because of a ‘perceived’ shortage of energy, not an actual one.
‘The unrest only took hours to swell because of social media and incorrect reports of what actually happened.’
In light of the Colonial Pipeline chaos, O’Neill believes that a cyberattack on US power supplies would have a similar ripple effect for all Americans.
‘Without power, citizens would lose communications, air-conditioning, heat, water when we turn the tap and lights when we flick the switch,’ he said.
‘Business would grind to a halt, finances would be unavailable and hospitals would be unable to provide care, and so much more.’
To conduct such an attack, O’Neill said the perpetrator would likely target the Supervisory Control and Data Acquisition (SCADA) networks, which help manage industrial equipment, because they are easy targets due to insufficient cybersecurity and outdated software.
‘The orchestrated attack would require numerous, synchronized attacks against different components of the power grid,’ he explained.
‘But with our networked economy and supply chain, taking down just one major section of the US power grid would throw the country into chaos.’
A final element could be physical attacks on American power transmission and switching stations, added O’Neill.
‘Attackers would only need to target nine or ten key nodes within the United States to potentially collapse the grid,’ he said.
While a deliberate cyber attack launched by an enemy state or cyber-criminal group could hinder national infrastructure, an accidental IT outage or system failure would be just as damaging.
These types of outages show how a ‘lack of resilience’ and ‘over-reliance on single sources of technology and software’ can disrupt essential industries and the lives of many, explained Wright.
‘Despite all of the preparedness and threat mitigation, it was an unintentional action that highlighted the weakness in all critical sectors,’ he said.
Despite the grave nature of these threats, some believe that the US government isn’t taking them seriously enough.
‘The government could certainly do more to prepare the United States for a catastrophic attack, plan for and assess the response to such an attack, and prepare ahead of the attack by hardening our critical infrastructure,’ said O’Neill.
When asked how the security of US national infrastructure can be strengthened, O’Neill said more investment and collaboration between the federal government, state officials, and industry are essential steps.
Lawmakers should also compel critical infrastructure companies and agencies to follow strict cybersecurity standards and zero-trust approaches to authenticate outside parties’ identities before granting them access to their computer networks and resources, added O’Neill.
‘Grants and funding can be applied by the government for the investment,’ he continued. ‘Key transmission points and power stations must be hardened and made resilient to attack.’
As these threats increase in scale and complexity, O’Neill said a nationwide effort is needed to ensure critical services and infrastructure are resilient enough to ‘operate under pressure’.
‘When a hospital is attacked, it must be able to function without the Internet. Water utilities should be manually manageable when operations centers come under attack,’ he concluded.
‘Power grids should be more redundant and less reliant on aged transmission paths and models. Everything from schools to grocery stores should have backup systems and the ability to disconnect from online portals and third-party applications to continue services.’