Hackers Gain Hands-On Access to US Power Grid

In an age when hackers and cyber-attacks seem to be in the news every day, extraordinary attacks with greater consequences can get lost in the headlines. That seems to be exactly what happened this week when it was announced that a series of attacks not only compromised the data of U.S. and European energy companies, but also gave the intruders actual hands-on access to power grid operations. The intruders had enough control that they could have induced blackouts on U.S. soil at will – not only disrupting business, but also putting lives at risk.

The Attack

In the spring and summer of this year, a group calling itself Dragonfly 2.0 targeted dozens of energy companies across the U.S. and Europe. In over 20 instances, the group gained access to their targets’ networks. Worse, they gained operational access at a handful of U.S. power companies, as well as at one power company in Turkey. Operational access here means that they would have been able to stop the flow of energy from circuit breakers to homes and businesses – including places like hospitals, casinos, prisons, and other locations where power is essential for safety and security.

The Dragonfly 2.0 hackers penetrated deep enough to take screenshots of the actual control panels for grid operations, but then stopped short of actually flipping switches. The reasons for this are not known, but some think that they were waiting to cause a disruption at a more strategically useful moment – say, during an election, or during an armed conflict.

What it Means for the Future

These attacks mark the first time that hackers have been able to gain control of American power systems. The first known blackouts caused by hackers occurred in Ukraine in 2015 and 2016.

The most serious attacks tied to Dragonfly 2.0 targeted only non-nuclear power companies, but hackers have previously penetrated the networks of companies that operate nuclear power stations. Obviously, hackers gaining operational access at a nuclear power plant creates a startling array of national security concerns.

Warnings have been sent to more than 100 companies about the threat from Dragonfly 2.0 and similar groups, though similar warnings have been sent out since at least 2015. Electric utility companies are the latest sector that needs to remain on high alert, because there is a clear and present danger.

