Malware Capable of Shutting Down Electric Grids Confirmed

June 19, 2017

Cybersecurity in Energy
Malware was recently identified that appears to have been designed and deployed by a nation-state to target and shut down electric grids.

According to published reports, this malware currently appears to be capable of attacking the European grids, and parts of the Middle East and Asia grids, by targeting the specific industrial control system (ICS) network protocols used to operate those grids. [1] With small modifications, the malware reportedly also appears to be capable of attacking the North American power grid, as well as other industries that use ICS networks (e.g., oil, gas, water, data) around the globe.

The malware, called “CrashOverride” or “Win32/Industroyer,” appears to pose the most significant cyber-based threat to a physical industrial process since the Stuxnet malware was reportedly used in 2009 to physically damage Iranian uranium enrichment centrifuges. A report issued by a cybersecurity firm earlier this week analyzed the malware and found that it is very likely the same type of malware that shut down portions of the Ukraine electric grid in December 2016. The purpose of the malware seems to be limited to causing power outages. Notably, the malware is also reportedly capable of delaying restoration actions, including by erasing ICS network software, and deleting traces of the malware after the attack, preventing effective forensics.
