With the recent attacks by ransomware hacking against the oil pipeline and now with the meat packing industry I say some intelligent people wondering why they attack those things instead of the power grid.
(Image source: blog.knowbe4.com)
In my industry (Network Engineering) I am following a lot of hacking and security breaches on a fairly regular basis. Most of the time I am just dealing with attempts to compromise the networks I am in charge of. I can tell you that such attacks are so numerous now that I don't see how any particular agency is staying on top of them. If you get caught hacking some very wealthy firm with contacts in some agency then you might be in trouble. For most of us if they compromise our machines they are not going to do anything about it. It's up to you.
There are vast quantities of compromised machines, and devices connected to the internet all over the world. Some of these if they are not simply script kiddies (using tools other people made without being able to make those tools themselves) then they know to not brute force or take actions that will make people pay attention. Do a little here. Move on to another project. Come back a little later and do a little more. By this slow roll they manage to acquire assets they control all over the world. Each such asset can also be used to compromise other assets. What I mean by this is they can then use those compromised assets to make the connections to try to compromise others. If it is noticed and traced back then the investigators will only find a compromised machine. It's owner most likely being oblivious. If they trace it back further they eventually will likely encounter one or more VPNs which can amount to dead ends. This is especially true if the VPN provider has a no logs policy.
(Image source: defencetalk.com)
Why does all of this matter?
What do they need to do these things?
What does the internet need?
What happens if they take down the power grid?
They lose access to all of the compromised assets. They no longer can attack the pipelines, meat factories, insurance companies, banks, laboratories, universities, etc.
We are in an information war. If they can steal research that is worth a tremendous amount. If they kill the power grid they lose access to any beach heads they likely established in the areas impacted by the power outage.
In my opinion an attack on the power grid will come only in a couple of circumstances...
- They are ready to invade physically and want to cripple us.
- They no longer deem us as having any assets they care whether they control but they want to cripple us and make us less of a threat.
If you lost power for a day, a week, a month, a season, a year, etc. How would that impact your life?
Do you know how to live without things provided by electricity? Does your house have a wood burning stove? How many water pumps providing water to your house will no longer be working? Do you have access to clean water that doesn't require electricity?
Do you live in what normally would be a desert environment and you rely on electricity for your air conditioning?
How about food storage? That refrigerator and those freezers are likely going to be gone.
If the power grid ever does go down for an extensive amount of time there will be a tremendous amount of death.
Now consider we no longer have factories that produce many of the components required by our power grid in the United States...
There are some states taking steps to reduce the huge potential disaster the power grid represents. It can also be taken out by a large solar flare and there are those that say such a flare is likely imminent.
It is certainly something to think about. Rather than giving into fear and doing nothing see it as an opportunity to plan how YOU would survive if it were to happen.
I don't think intelligent hackers would go for the power grid unless they are okay with removing access to all of the other assets they have compromised. Doing so would in my opinion indicate they see themselves at the end game in their plans, or they are just not thinking things through long term and they pull the trigger and have an "oops now, I can't get back in" moment.