Hackers next target could be the US electric grid

Hacking the electric grid?
Hacking the electric grid?

You've heard about hackers trying to steal credit card numbers and wipe out bank accounts. But there's another group that many cybersecurity experts say especially worry them.

These criminals are targeting critical infrastructure, like power grids — and what makes them dangerous is that some are backed by governments and big money.

"Turning off water, turning off electricity. Those are all realistic attacks now," said Liam O' Murchu a director with cybersecurity company Symantec, the manufacturer of Norton security products.

Symantec is currently tracking more than 100 government backed groups, more than ten times the number from five years ago.

Using a computer to cause a power outage may seem farfetched, but experts believe it's already happened. Most recently, in December, parts of Ukraine's capital city Kiev lost power because of what was believed to be a cyberattack.

And that wasn't the first time. In December 2015, 225,000 customers in Ukraine lost power, likely as the result of malware being placed on the computer network of a power supply company, according to the Department of Homeland Security. The Ukrainian government has blamed Russia for the 2015 attack.

People walk along a street during a power outage in the Crimean city of Simferopol on November 23, 2015.
Max Vetrov | AFP | Getty Images

Experts worry critical infrastructure attacks could also happen in the United States. The U.S. electric grid is worth more than $1 trillion and supplies power to 334 million people every year, according to the North American Energy Reliability Corporation.

"Sometimes [these groups are] launching real-time attacks and sometimes just setting up so they have a back door, they have a foothold that they can use in future when they need it," O'Murchu said.

'Act of war or act of God'

U.S. utility companies have taken notice.

"Whether it's an act of war or an act of God that is impacting the grid, we have ways to be resilient to make sure that we can keep the electricity flowing," said Scott Aaronson an executive director of security and business continuity with the Edison Electric Institute, which represents the investor owned electric companies in the U.S.

To restore power in Kiev, the city needed to go back to a manual system of supplying power.

"[Ukraine was] still able to operate the grid simply in a manual state without that digital overlay, without automated controls. That's something that we in the United States have some capability to do. But actually are looking to expand upon," Aaronson said.

In addition to learning from the incidents in Ukraine, U.S. electric companies share information with other grid operators and governments officials.

"In order to beat back the sophistication of a near peer nation state we need to have the sophistication of the U.S. government behind us," Aaronson explained

The electric industry also runs exercises to simulate attacks.

"One [test] known as GridEx, that happens every two years, is the biggest of its kind. But individual companies practice all the time to respond to and recover from all manner of incidents," said Aaronson.

The Government Accountability Office found over 2 dozen government effort to increase reliability, including protecting from cyberattacks, but says more needs to be done.

"We're talking about a government and the resources and the money and the expertise that a government can wield go, going up against private companies. So there's real mismatch there in the power of attack and the power of defense," O'Murchu said.