How a cybersecurity attack would cripple America – after catastrophic Crowdsource glitch
Cybercriminals could cripple the US by attacking just 10 critical parts of an electrical grid, experts have revealed.
The attack would begin with “a series of cascading outages,” first taking out essential service providers such as 911 call centers and healthcare facilities, and then expanding to critical infrastructure.
Americans would lose access to energy, water, financial services, public transportation and mobile phone networks, with dire consequences.
Morgan Wright, a former senior counterterrorism adviser at the US State Department, told DailyMail.com that “civil unrest” and a “breakdown of social order” would soon follow.
Cybercriminals could cripple the US by attacking just 10 critical components in an electricity grid, experts have revealed
The world got a taste of what a cyberattack can do when cybersecurity firm CrowdStrike released a flawed update last month that left 8.5 million Windows computers unworkable.
This misstep had consequences for airlines, banks, supermarkets, television stations and many other sectors around the world.
Microsoft suffered a second outage on Tuesday, affecting many of its services and businesses that used the technology for about 10 hours.
The tech giant later admitted that its services had been taken down by a distributed denial of service (DDOS) attack, which was “amplified” by a flaw in the company’s cyber defenses.
Eric O’Neill, a former FBI counterterrorism and counterintelligence agent, told DailyMail.com that foreign spies have been looking for security holes in infrastructure for more than a decade that they can use to launch catastrophic cyberattacks.
They have already found ways to disrupt America’s fuel, energy, water, communications and education systems, in an effort to exploit our dependence on these vital resources, he continued.
Such an attack would have serious consequences for American citizens and could even kill Americans on their soil, warned Nicholas Reese, a cyber expert and assistant professor at New York University’s Center for Global Affairs.
The attack would begin with “a series of cascading outages,” first taking out essential service providers such as 911 call centers and healthcare facilities.
Hospitals would face disruptions in intensive care units and operating rooms, causing medical equipment to malfunction and patients to die.
He explained that a cyberattack on 112 call centers would result in patients no longer receiving urgent medical care.
Meanwhile, hospitals would face disruptions in intensive care units and operating rooms, causing medical equipment to malfunction and patients to die.
“Intentional large-scale attacks on critical infrastructure are not carried out with the intent to cause inconvenience,” Reese said.
‘They would be executed to cause domestic unrest and thus project their power.’
Reese described an attack of this magnitude as a “significant act of aggression” against America and indicated it would require a serious government response.
This could mean that the country is dragged into a military conflict with the perpetrator.
According to experts, cybercriminals are aware that taking over vital resources, such as energy and water, would be the way to paralyze the country.
This happened in 2021 when a hacking group called DarkSide shut down the Colonial Pipeline, which supplies oil to much of the US East Coast.
The five-day disruption caused local shortages of petrol, diesel and kerosene. Consumers feared running out of petrol and so they bought in droves.
“We saw a microcosm of how citizens would respond during the Colonial Pipeline ransomware attack,” Wright explains.
‘There was a run on gasoline because of a ‘perceived’ energy shortage, not because of an actual shortage.
“It only took a few hours for the unrest to escalate, due to social media and misreporting of what was really happening.”
Cybercriminals know that taking over vital resources like energy and water would be the way to cripple the nation, experts say. This was experienced in 2021 when a hacking group called DarkSide shut down the Colonial Pipeline that supplies oil to much of the U.S. East Coast
The five-day disruption caused local shortages of gasoline, diesel and jet fuel, leading to panic buying as consumers feared running out of gas. Photo shows a long line at a gas station in Georgia
Given the chaos surrounding the Colonial Pipeline, O’Neill believes a cyberattack on the U.S. energy supply would have a similar domino effect for all Americans.
“Without electricity, citizens would have no communications, no air conditioning, no heating, no water when we turn on the tap and no light when we flip the switch,” he said.
‘Business would come to a standstill, finances would no longer be available, hospitals would no longer be able to provide care, and much more.’
According to O’Neill, when carrying out such an attack, the perpetrator would likely target Supervisory Control and Data Acquisition (SCADA) networks. These networks help manage industrial equipment, as they are easy targets due to inadequate cybersecurity and outdated software.
“The orchestrated attack would require numerous, synchronized attacks on different parts of the power grid,” he explained.
“But with our networked economy and supply chain, taking out just one large portion of the U.S. power grid would throw the country into chaos.”
In light of the chaos of the Colonial Pipeline, O’Neill believes a cyberattack on U.S. energy supplies would have a similar domino effect for all Americans, causing blackouts across the country
A final element could include physical attacks on U.S. power plants and switching stations, O’Neill added.
“Attackers only need to attack nine or 10 major nodes in the United States to bring down the power grid,” he said.
While a deliberate cyberattack by a hostile state or cybercriminal group can hinder national infrastructure, an unintentional IT outage or system failure can be just as damaging.
According to Wright, these types of disruptions demonstrate how a “lack of resilience” and “over-reliance on a single source of technology and software” can disrupt essential industries and the lives of many.
“Despite all preparations and measures to mitigate the threat, this was an unintended action that exposed weaknesses in all critical sectors,” he said.
Despite the seriousness of these threats, some believe the U.S. government is not taking them seriously enough.
“The government could certainly do more to prepare the United States for a catastrophic attack, plan and assess our response to such an attack, and prepare in advance of an attack by hardening our critical infrastructure,” O’Neill said.
When asked how to improve the security of the U.S. national infrastructure, O’Neill said increased investment and collaboration between the federal government, state officials and industry are essential steps.
According to O’Neill, lawmakers should also require critical infrastructure companies and agencies to adhere to strict cybersecurity standards and a zero-trust approach to verify the identity of third parties before allowing them access to their computer networks and resources.
“The government can apply for subsidies and financing for the investment,” he continued. “Key transmission points and power plants need to be hardened and made resistant to attacks.”
As these threats grow in scale and complexity, O’Neill said national efforts are needed to ensure critical services and infrastructure are resilient enough to “operate under pressure.”
“When a hospital is attacked, it must be able to function without the Internet. Water utilities must be manually manageable when operational centers are attacked,” he concluded.
‘Electricity grids should be more redundant and less reliant on outdated transmission paths and models. Everything from schools to supermarkets should have backup systems and the ability to disconnect from online portals and third-party applications to continue delivering services.’