I remember it well. It was December 2016, and in the blink of an eye much of the Ukrainian power grid shut down. Now, after months and months of cyber detective work, the specific malware has been identified. Crash Override, AKA Industroyer, is apparently the culprit. And it would only take a few tweaks here and there to deploy it in the U.S.
No Crash Override, No Risk?
While I applaud the diligence involved in pinpointing Crash Override as the specific malware leveraged in the Ukraine attack, this knowledge does not reduce our overall risk. For every Crash Override virus that gets shut down, there are a dozen more waiting in the wings. It is an endless game of cat and mouse, a vicious cycle that is as much a part of the world we live in as sunrises and social media.
That said, with every cybersecurity exercise that takes place, our aggregate understanding of how to detect and mitigate future system hacking threats improves. Yes, it is a bit like being on a treadmill, but it is a necessary evil nonetheless. As an example, the Crash Override research helped provide a blueprint for monitoring for system anomalies, and this blueprint will become more and more refined – and effective – as time goes on.
The bottom line is that cyber-attacks are a very real, very scary risk not only for electric utilities, but for utilities in other sectors as well. So now is the time to incorporate cyber-attack mitigation strategies and processes into emergency planning, and to incorporate these types of scenarios into exercises and drills. This way, your company will be ready when the next Crash Override hits.