A massive grid cyberattack may sound like the stuff of an apocalyptic movie. But for insurance giant Lloyd’s the prospect carries enough probability to carefully weigh the financial risk.
The cost? As much as $1 trillion if hackers take down just 50 generators out of 700 in 15 states within the Eastern Interconnection, according to a study by Lloyd’s and the University of Cambridge’s Center for Risk Studies.
“Business Blackout: The Insurance Implications of a Cyberattack on the US Grid” is meant to challenge assumptions made within the insurance industry about grid cyberattack. The report depicts in detail what would happen if hackers shutdown the power grid in one-third of US states.
“This scenario shows the huge impact and havoc that could result from a major cyberattack on the US. The reality is that the modern, digital, and interconnected world creates the conditions for significant damage, and we know there are hostile actors with the skills and desire to cause harm,” said Tom Bolt, director of performance management at Lloyd’s.
Lloyd’s is not alone in its concern. Homeland Security has reported that energy infrastructure is a major target of hostile foreign hackers. Meanwhile, the military has made energy independence a priority for military bases, and has become a major advocate for microgrids and distributed generation. President Obama raised concern about grid hackers in his 2013 State of the Union address.
The report offers a blow-by-blow account of a carefully planned cyberattack that would knock out 18,000 MW in key cities, among them New York and Washington, D.C.
The scenario is disturbing, fortunately improbable, but not impossible, according to Lloyd’s.
With no electricity flowing to 93 million people, the U.S. economy would face a $243 billion loss, rising to more than $1 trillion in the most extreme version of the scenario.
But of course loss of money is only part of the result; heath and safety would be jeopardized too.
“The scenario predicts a rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail and chaos to transport networks as infrastructure collapses,” the report says.
The attack would not be the work of teen-agers in a basement but of a highly sophisticated, dispersed team that spends months studying U.S. electric markets, control systems, and networks.
“Cyberattacks are often treated as a problem of technology, but they originate with human actors who employ imagination,” said the report.
In the Lloyd’s scenario the hackers install malware that spreads in generator control rooms and sits dormant for months collecting information. The hackers identify and target laptops used by key personnel, phish for routes from corporate computers into control rooms, hack remote systems, or even intrude physically to make system changes.
Read about how to keep the power on when the grid goes down in the Microgrid Knowledge guide, Reciprocating Engine Generators and Microgrids: The Last Defense Against a Power Outage, available for free download courtesy of Fairbanks Morse Engine.
Within 90 days they identify vulnerable generators, and schedule their attack for a hot July moment when the grid is operating at high capacity so is most vulnerable to failure.
The hackers covertly disable safety devices and send control signals “which open and close the generator’s rotating circuit breakers in quick succession, using the inertia of the generator itself to force the phase angle between supply and load out of sync,” the report said.
The hackers use an approach known as ‘pivoting,’ which describes the ability to establish chain attacks through multiple compromised machines.
Generators catch fire and engines blow apart; grid operators shut down unaffected facilities until they can figure out what’s going on. As more generators go off line, grid frequency destabilizes causing a cascade of more outages. Some generators are out for up to four weeks.
The report envisions few people are hurt at first, but injury and even death occurring as the outage continues through car accidents and heat stress (especially in nursing homes and hospitals where back-up generators fail). Others become sick from contaminated water or by eating spoiled or improperly cooked food, as a two-week supply of diesel fuel runs out for back-up generators at cold storage facilities.
The report cites possible industrial accidents, riots, looting and arson. Sewage overflows as treatment plants fail.
The economy, of course, takes a beating since most of us rely on electricity to work. Gas stations have no power, so once people run out of fuel they have trouble getting to work. Manufacturing shuts down or operates partially with back-up generators. Maritime port operations are suspended during the power outage, since electricity is needed for loading and unloading container ships.
In all, the report predicts a 100 percent shock to exports and a 50 percent drop in labor productivity as well as consumption — people can’t get cash or use credit cards to buy food and supplies.
Relief efforts become difficult since cell phone batteries have died and there is no electricity for television or the Internet. Airports, trains and subways are shutdown.
This type of hacking would be so complex, it would take months for engineers and government officials to retrace exactly what happened, and a year to fix all of the damage.
Lloyd’s created the report to prepare insurers for what it described as an “improbable but not impossible” scenario and to evoke debate and discussion. We don’t know if such a dramatic event will happen; we do know that the U.S. government, military and industry are engaged in a counter offensive as hackers consistently try to breach utility computers systems.
For the power industry, the report underscores the push for decentralized energy already under way.
The full report is available here.