Security Firms Warn of New Cyber Threat to Electric GridJune 12, 2017
(Reuters) - Two cyber security companies said they have uncovered a sophisticated piece of malicious software capable of causing power outages by ordering industrial computers to shut down electricity transmission.
Analysis of the malware, known as Crash Override or Industroyer, indicates it was likely used in a December 2016 cyber attack that cut power in Ukraine, according to the firms, Slovakian security software maker ESET and U.S. critical-infrastructure security firm Dragos Inc.
The discovery may stoke fears about cyber vulnerabilities in power grids that have intensified in the wake of the December Ukraine attack, and one a year earlier that also cut power in that nation.
Ukraine authorities have previously blamed Russia for the attacks on its grid. Moscow has denied responsibility.
Dragos founder Robert M. Lee said the malware is capable of causing outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid.
The firm has alerted government authorities and power companies about the threat, advising them of steps to defend against the threat, Lee said in an interview.
Crash Override can be detected if a utility specifically monitors its network for abnormal traffic, including signs that the malware is searching for the location of substations or sending messages to switch breakers, according to Lee, a former U.S. Air Force warfare operations officer.
The sample of Crash Override that was analyzed by Dragos is capable of attacking power operators across Europe, according to Lee.
"With small modifications, it could be leveraged against the United States," he said.