The year before, there were 145.
The data is from the US Department of Homeland Security’s Computer Emergency Readiness Team, which is documenting a growing threat against poorly defended infrastructure, CNN reported. More than a third of the attacks made it through the first layer of defense.
“Our grid is definitely vulnerable,” said David Kennedy, the CEO of the security firm Trusted Sec. “The energy industry is pretty far behind most other industries when it comes to security best practices and maintaining systems.”
Should the power grid go down for just a single week, it is estimated approximately 1 million Americans likely would die from a lack of medical care and sanitation, and from civil unrest. If the power grid stays down a year, two-thirds of the population (200 million people) could die from starvation, a lack of medicine and lawlessness, according to the EMP Commission report to Congress.
A recent CNN Money article contained a frightening rundown of the grid’s vulnerabilities, including:
- Hackers managed to breach security at 37 percent of energy companies between 2013 and April 2014, a survey of security professionals by Threat Attack Security discovered. Malware had an easier time penetrating energy companies than financial services companies, which saw 31 percent of attacks succeed.
- 34 percent of security professionals at energy companies believe that the greatest threats to their organizations are “hacktitvists.” Hacktivists conduct politically motivated cyber-attacks.
- The cybersecurity firm FireEye identified 50 different types of malware in 2013 that are designed to target energy companies.
- A Verizon study found that energy firms were more likely to be targeted by spy malware than other companies.
- TrustedSec discovered spy malware in the software that operates turbines, controllers and other industrial machinery. The company’s experts believe the malware was in the system for more than a year.
- A Russian malware called Black Energy has been detected in software that runs turbines that produce electricity in the US.
Story continues below the video:
A CNN video showed researchers from the security firm Cimation successfully seizing control of a pump over the Internet and causing it to leak and malfunction. The pump is similar to remote controlled devices in oil and natural gas pipelines.
“They don’t have the security controls in place,” Cimation hacker Brian Meixell said of energy infrastructure. “There’s lots of kinds of unpredictable things that could happen. These systems are in a lot of different areas in a lot of different industries.”
Admiral Mike Rogers, the director of the National Security Agency (NSA), admitted in October that the grid is vulnerable.
“Power… is one of the segments that concerns me the most,” Rogers said.
CNN reported that the grid is vulnerable in part because much of the technology used dates to the 1970s or earlier. Additionally, the network said DHS and the FBI are “touring 12 American cities, hosting classified meetings with energy providers and utility companies to brief them on the danger.”
No energy company responded to CNN’s inquiries for comment.
Do you believe the US power grid is vulnerable to a large attack? Share your thoughts in the section below: