Are Hackers Threatening to Punch America’s Lights Out?

by Sean Brodrick

Today's the day! We've officially launched the Investment U Bookstore. To celebrate, we're offering a 50% discount on Sean Brodrick's latest report, "Smart Grid Security: Cash In on These Four Companies as They Prepare to Secure Our Nation" (click here for details). As you'll read in today's piece, the timing of Sean's report couldn't be better. Because right now utilities and government agencies are throwing tons of cash at a select group of security firms. Find out why below.

On any given day, there’s a 1-in-4 chance someone is attacking the U.S. power grid - either physically or in cyberspace. What’s worse is small security breaches in our power grid systems could be ripped wide open... That could shut down power for thousands or even millions of Americans.

And that’s not even the really scary stuff.

Welcome to the world of the 21st Century Power Grid - more interconnected, more interdependent and potentially more vulnerable than ever.

It’s not that utilities aren’t aware of problems. Of course they are. They’ve been paying close attention ever since the most severe attack on a U.S. power grid happened in 2013.

That’s when someone cut phone cables that could send an alarm just before snipers opened fire on an electrical substation outside San Jose, California. That substation feeds into a grid that funnels power to Silicon Valley.

Within minutes, the snipers surgically knocked out 17 giant and expensive transformers.

The Cyberthreat

I wrote about the power grid for Investment U back in April 2014. To be sure, that California attack was a wakeup call for the industry. Power companies cranked up security at substations nationwide.

But the next attack may not be physical. It may be in cyberspace.

The problem for U.S. utilities is their control systems weren’t originally designed to be connected to the Internet. Hackers can infiltrate, smash and crash the complex systems that run America’s three major power grids.

A widespread outage could greatly impact you. For as long as it lasts, you’d have no access to ATMs... air-conditioning and many heating systems wouldn’t work... cellphones would just be lumps of metal and plastic.

Driving to the office would be like navigating an obstacle course because traffic lights wouldn’t work. At the supermarket, food would go bad due to the lack of power backups for freezers and refrigeration units.

And if you ran out of gas, well... gas stations need electricity, too.

Spending Is Soaring

A government report issued last year said that U.S. utilities are expected to spend about $7 billion on cybersecurity by 2020. Given the constantly shifting nature of cyberthreats, the cost could be much higher.

The more America moves toward a smart grid, the more vulnerable our systems become. Eventually, all networks will become interconnected. That could leave America’s power grid even more open to cyberattacks.

And if just a small number of U.S. substations were knocked out at once, the entire system would destabilize. This could cause a blackout encompassing most of the U.S. That’s according to a study by the Federal Energy Regulatory Commission (FERC).

Jon Wellinghoff, former chairman of FERC, told reporters our power grid is currently "too susceptible to a cascading outage" because of its reliance on a few critical substations and other physical equipment.

An internal FERC report laid out a worst-case scenario in which hackers disabled as few as nine substations while simultaneously sabotaging one of the few companies that make electrical transformers.

This could plunge America into a total blackout. How long would it last? The FERC report said up to 18 months. Yikes!

Defining Attacks

Power companies officially reported 14 cyberattacks in the past three years. However, it all depends on how you define “attack.”

The branch of the Department of Homeland Security that monitors cyberthreats received reports of 151 cyber incidents related to the energy industry in 2013. That’s up from 111 in 2012 and 31 in 2011.

In a TV interview, Gerry Cauley, president and CEO of North American Electrical Reliability Corporation, said, “On any given day there are thousands of attempts to probe and get into the networks and control systems of the power grid.” He added: “We have the defenses to prevent that.”

That’s been the case so far, at least.

In a press report, FERC Commissioner John Norris said he believes America should focus on technologies like microgrids. These can quickly isolate damaged components from the rest of the network in the event of an attack. Advanced technologies can also alert companies to incidents before they spiral out of control.

The Foreign Threat

China and other countries have the know-how to launch a cyberattack that would shut down the entire U.S. power grid and other critical infrastructure. That’s according to Admiral Michael Rogers, head of the National Security Agency and U.S. Cyber Command.

Speaking to Congress last year, he said special software has been detected in China that could damage our power company networks and other critical systems.

Meanwhile, former director of national intelligence Mike McConnell disclosed a startling fact in a speech at the University of Missouri recently. He said: “The Chinese have penetrated every major corporation of any consequence in the United States and taken information.

“We've never, ever not found Chinese malware.”

Why would the Chinese do that? The reason is there are no risks to them if they get caught. They can steal a treasure trove of information.

Of course, a worrywart might wonder if the Chinese are placing that software in critical power grid systems “just in case.”

The Good News

There has never been a successful attempt to cause a power outage via cyberattack in the U.S. And hopefully it will stay that way.

I guess it all comes down to why you think that attack on transformers powering Silicon Valley happened. The folks who did it weren’t amateurs. They took care to leave no fingerprints behind. They’ve also never been caught.

Were they really smart guys out to prove a point? Or were they running a test... a trial run for a potential act of war?

Either way, U.S. utilities are coordinating more closely than ever with the federal government and each other to share threat information...

And they’re throwing bags of money at select companies to deploy new tools and technologies that can detect attacks and protect their assets.

All the best,


Have thoughts on this article? Leave a comment below.


comments powered by Disqus

Cyberattacks Won’t Stop Anytime Soon... Why Not Play the Trend?

Hackers are threatening more than the power grid and utilities. Surely you recall that massive Target data breach in 2013. Not to mention high-profile hacks of Home Depot, Neiman Marcus and eBay. Oh, and remember earlier this year when Bitstamp, one of the world’s largest Bitcoin exchanges, was breached? Cyber-criminals made off with almost 19,000 “coins,” the equivalent of $5.2 million.

The point is: cyberthreats against corporations and individuals won’t stop anytime soon. Why not capitalize on this trend by investing in Check Point Software Technologies (Nasdaq: CHKP)?

Check Point is the world leader in Internet security. According to Alexander Green, “The company has several advantages over potential competition, including the world's most advanced security technology, protected by 35 U.S. patents (19 others are pending). It has won numerous industry honors, including: IT Product of the Year, Network Security Vendor of the Year, Best Encryption Solution, Best Integrated Security Solution, Best Mobile Device Solution and numerous Editor's Choice awards.”

Check Point has posted steady increases in sales and earnings for each of the past eight years (including during the Great Recession) and ended 2014 at a 10-year high. Its customer list includes tens of thousands of government agencies and businesses around the world, including every member of the Fortune 100 and most of the Fortune 500. And with cybersecurity a growing threat worldwide, future growth is assured.

Alex summed it up best when he first recommended the company to Oxford Communiqué subscribers last year. He wrote: "As cyberthreats continue to evolve and grow, demand for greater security - and Check Point products and services - will only increase. As sales and earnings ratchet sharply higher, so should the stock."

- Alexander Moschina with Alexander Green

Live Twitter Feed