EXECUTIVE SUMMARY:
The US had a plan to jumpstart the electrical grid in the event of a catastrophic blackout. But when the Pentagon and the National Security Administration were hacked via the SolarWinds breach, hackers may have accessed the plan.
“Black Start is just a very technical document. And it’s essentially a to-do list. If we were able to have a major power failure, it says, you know, we’re going to go turn on the power here first, then we’re going to move over here and do this,” says cyber security expert Nicole Perlroth.
The Black Start plan may have been compromised because the information was not stored within classified systems. Could least-privileged access have prevented this problem?
American electric at risk
In a report last month, the US Department of Energy said, “…energy infrastructure and [the] digital supply chain present a key target for cyber compromise…”. If nation-state actors were able to turn the power off in the US, they could potentially use the Black Start document to determine how to keep the power off.
Cyber attackers are bringing their “A” game
Don’t get caught flat-footed. Utilities and energy companies need to ensure that they understand the mechanics of their supply chains. Which third parties are involved? Who has backdoor access and why?
It’s also critical for infrastructure entities to start logging and monitoring network activity in-depth. Visibility into systems improves cyber security posture and can prevent threats.
“It’s no secret that…nation-state adversaries are improving their own ability to attack the grid, and we need to not only be ready for the capabilities that they currently possess to try to disrupt grid reliability, but anticipate the threats to come,” stated Paul Stockton, former Assistant Secretary of Defense and co-chair of the Grid Resilience for National Security Subcommittee at the US Department of Energy.
Check out past SolarWinds-related supply chain attack coverage
- Priority and policy recommendations post software supply chain attack: Get information about new directions for US cyber security.
- Mull over this mystery: 30% of organizations suffering damage from the SolarWinds event report no connection to SolarWinds.
- SolarWinds is striving for ‘secure by design’. Find out about the company’s initiatives to secure their ecosystem.
- Get business insights for leaders. Learn about APT network threats, persistence mechanisms, API and identity access management (IAM) identities that may have been breached and more.
For more on Black Start and jump starting the US power grid, visit National Public Radio’s website.