‘They’d love to do damage’: The FBI says ISIS wants to hack parts of the US power grid
ISIS hackers are attempting to penetrate the US energy grid in order to carry out cyber attacks and down parts of the country’s energy supply, CNN Money reports.Fortunately, ISIS-affiliated hackers have so far proven to be inept.
Law enforcement officials shared the information about attempted ISIS cyber attacks at a conference on October 14 with American energy firms about potential national security issues.
“Strong intent. Thankfully, low capability,” John Riggi, a section chief within the FBI’s cyber division, told CNN about ISIS’ hacking attempts.
“But the concern is that they’ll buy that capability.”
That concern is warranted, the FBI told CNN. Highly capable hacking software is available for purchase on the black market and could be used to effectively hack into networks associated with energy companies, fuel refineries, or water pumping stations.
Due to the size and complexity of America’s utility grids, and a lack of due diligence, US infrastructure is vulnerable to advanced cyber attacks – either from terrorists or, more likely, from rival governments that already have the cyber capabilities needed.
A survey in 2013 found over 500,000 potential targets for cyber attacks against computers associated with power plants, water treatment centers, traffic control towers, and various portions of the electrical grid.
However, as worrying as that sounds, the likelihood that ISIS could carry out a catastrophic cyber attack against the US energy grid remains incredibly small.
This is in large part because of just how complicated and disconnected power grids are at the national level due to the multitude of various providers and their own infrastructure and networks.
But terrorists could theoretically disrupt a portion of the local power grid.
“[H]ackers can’t take down the entire, or even a widespread portion of the US electric grid. From a logistical standpoint, this would be far too difficult to realistically pull off – and it’s not what we should be devoting our attention to,” Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider.
“What is more realistic is for a cyber attack to cripple an individual utility, causing a blackout or disruption of service at the local level.”
The likeliest outcome of a cyber attack against US infrastructure, Pollet contends, is “localized disruptions in service – not a widespread outage.”
“It would be extremely difficult for hackers, without an almost superhuman effort, to cause a power outage that stretched across the country,” he notes.
And that is still assuming that ISIS hackers ultimately reach the level of being able to conduct a cyber attack in the first place. As of now, ISIS is lacking in the technological capabilities and know how to carry out even a localized disruption.
“They’d love to do damage, but they just don’t have the capability,” Mark Lemery, the critical infrastructure protection coordinator for Utah, toldCNN.
“Terrorists have not gotten to the point where they’re causing physical damage.”