Cyber-security firms ESET and Dragos have unearthed new malware that can disrupt power grids, leading to blackouts lasting for days. ESET has named the malware Industroyer, while Dragos calls it CrashOverride in its own analysis. Whatever the name, the malware is seen as the biggest threat to appear since Stuxnet, the US-Israeli cyber weapon designed to shut down an Iranian nuclear facility. As mentioned in both reports, the Industroyer malware is suspected to have caused the power outage in Kiev, Ukraine on 17 December 2016.
Capabilities of the Industroyer malware
The malware is not designed to target any specific configuration or vendor. Rather, it relies on knowledge of grid operations and network communications to deliver its blow. It can be reused time and again to control switches and circuit breakers and disrupt electricity distribution systems anywhere in the world. Industroyer uses protocols common to those used in Asia, the Middle East and Europe, making these regions its primary target. With minor tailoring, it can be reconfigured to take down power grids in North America. The impact may be a widespread power shutdown lasting several hours or even days at a stretch.
The malware is not only a potential threat to power distribution systems; it can also disrupt transportation, water, energy and gas systems almost in no time. The protocols it uses are poorly secured everywhere in the world. Dragos notes that the 2016 blackout in Kiev might just have been a test. This raises apprehension of a power outage on a bigger scale in the future.