Cybercriminals could paralyze the United States by attacking just 10 critical components of a power grid, experts say.
The attack would begin with “a series of cascading failures,” first shutting down essential service providers such as 911 call centers and healthcare providers, and then spreading to critical infrastructure.
Americans would lose access to energy, water, financial services, public transportation and cellular networks, with dire consequences.
Morgan Wright, a former senior counterterrorism adviser at the US State Department, told DailyMail.com that “civil unrest” and a “breakdown of social order” would soon follow.
Cybercriminals could paralyze the United States by attacking just 10 critical components of an electrical grid, experts say
The world got a taste of what a cyberattack could wreak when cybersecurity firm CrowdStrike issued a flawed update last month, causing 8.5 million Windows computers to malfunction.
The misstep affected airlines, banks, supermarkets, television stations and many other industries around the world.
Microsoft experienced a second outage on Tuesday, affecting many of its services and businesses that use its technology for about 10 hours.
The tech giant later admitted that its services were disrupted by a distributed denial of service (DDOS) attack that was “amplified” by a bug in the company’s cyber defenses.
Eric O’Neill, a former FBI counterterrorism and counterintelligence agent, told DailyMail.com that foreign spies have spent more than a decade looking for security holes in infrastructure that they can exploit to carry out catastrophic cyberattacks.
They have already found ways to disrupt America’s fuel, power, water, communications and education systems as they seek to exploit our dependence on these essential resources, he continued.
Such an attack would have dire consequences for U.S. citizens, including killing Americans on their own soil, warned Nicholas Reese, a cybersecurity expert and adjunct professor at New York University’s Center for Global Affairs.
The attack would begin with “a series of cascading failures,” first shutting down essential service providers such as 911 call centers and healthcare providers.
Hospitals would see disruption in intensive care units and operating rooms, leading to medical equipment failures and patient deaths.
He explained that a cyberattack on 911 call centers would deprive patients of urgent medical care.
Meanwhile, hospitals would see disruption in intensive care units and operating rooms, causing medical equipment failures and patient deaths.
“There would be no deliberate, large-scale attacks against critical infrastructure with the goal of causing disruption,” Reese said.
‘They would be executed to cause internal unrest as a means of power projection.’
Describing an attack of this scale as a “significant act of aggression” against the United States, Reese suggested it would require a serious response from the government.
That could mean the nation being drawn into a military conflict with the perpetrator.
Cybercriminals are aware that taking control of essential resources such as energy and water would be the way to paralyze the nation, experts said.
This was experienced in 2021, when a hacker group known as DarkSide shut down the Colonial Pipeline that supplies oil to much of the US East Coast.
The five-day outage caused localized shortages of gasoline, diesel fuel and jet fuel, leading to panic buying as consumers feared they would run out of gas.
“We saw a microcosm of how citizens would respond during the Colonial Pipeline ransomware attack,” Wright explained.
‘There was a run on gasoline due to a ‘perceived’ shortage of energy, not an actual shortage.
‘It only took hours for the riots to escalate due to social media and incorrect reporting about what actually happened.’
Cybercriminals are aware that taking control of essential resources such as energy and water would be the way to cripple the country, experts said. This was witnessed in 2021 when a group of hackers known as DarkSide shut down the Colonial pipeline that supplies oil to much of the US East Coast.
The five-day outage caused localized shortages of gasoline, diesel fuel and jet fuel, prompting panic buying over fears that consumers would run out of gas. Image shows a long line at a gas station in Georgia
In light of the Colonial Pipeline chaos, O’Neill believes a cyberattack on U.S. energy supplies would have a similar ripple effect for all Americans.
“Without electricity, citizens would lose communications, air conditioning, heating, water when we turn on the tap and lights when we flip the switch,” he said.
‘Businesses would come to a standstill, funds would be unavailable, hospitals would be unable to provide care, and much more.’
To carry out such an attack, O’Neill said, the perpetrator would likely target Supervisory Control and Data Acquisition (SCADA) networks, which help manage industrial equipment because they are easy targets due to insufficient cybersecurity and outdated software.
“The orchestrated attack would require numerous synchronized attacks against different components of the power grid,” he explained.
“But with our networked economy and supply chain, taking down just one major section of the U.S. power grid would plunge the country into chaos.”
Given the Colonial pipeline chaos, O’Neill believes a cyberattack on U.S. energy supplies would have a similar ripple effect for all Americans. It would lead to blackouts across the country.
A final element could be physical attacks on U.S. power transmission and switching stations, O’Neill added.
“Attackers would only need to target nine or 10 key nodes within the United States to potentially bring down the network,” he said.
While a deliberate cyberattack launched by an enemy state or cybercriminal group could hamper national infrastructure, an accidental computer system outage or system failure would be equally damaging.
Such disruptions show how a “lack of resilience” and “over-reliance on single sources of technology and software” can disrupt essential industries and the lives of many people, Wright said.
“Despite all the preparation and threat mitigation, it was an unintentional action that highlighted the weakness of all critical sectors,” he said.
Despite the serious nature of these threats, some believe the US government is not taking them seriously enough.
“The government could certainly do more to prepare the United States for a catastrophic attack, plan and assess the response to such an attack, and prepare in advance of the attack by strengthening our critical infrastructure,” O’Neill said.
Asked how the security of America’s national infrastructure can be strengthened, O’Neill said increased investment and collaboration between the federal government, state officials and industry are essential steps.
Lawmakers should also require companies and critical infrastructure agencies to follow strict cybersecurity standards and zero-trust approaches to authenticate third-party identities before granting them access to their networks and computing resources, O’Neill added.
“The government can apply for subsidies and funding for investment,” he added. “Key transmission points and power stations need to be strengthened and made resistant to attacks.”
As these threats increase in scale and complexity, O’Neill said a nationwide effort is needed to ensure critical services and infrastructure are resilient enough to “operate under pressure.”
“When a hospital is attacked, it must be able to operate without the Internet. Water services must be able to be managed manually when operations centres are attacked,” he concluded.
“Power grids should be more redundant and less reliant on outdated transmission models and routes. Everything from schools to grocery stores should have backup systems and the ability to disconnect from online portals and third-party apps to continue services.”
