Stuxnet-style attack on US smart grid could cost government $1 trillion
The Lloyd's ‘Business Blackout’ report was co-authored by the insurer and the University of Cambridge Centre for Risk Studies, who also sought the advice of the Cabinet Office, the Department of Homeland Security and security firms including IOActive and Context, among many others.
The report sets out a scenario in which a group of hackers, using the Erebos Trojan, seek to infect electricity generation control rooms and take them offline in order to cause an electricity blackout across 15 states including New York and Washington.
Researchers said that the attack, ‘improbable’ but ‘technologically possible’, would likely result in huge government and insurance pay-outs, as well as a rise in mortality rates, a decline in trade (as ports shut down), a disruption to water supplies (as electric pumps fail), and general chaos on transport networks.
The report, which cites Stuxnet and Shamoon as two high-profile critical infrastructure attacks in recent years, describes how the Trojan would be used to infect electricity generation control rooms in part of the northern US, and would then lie dormant and undetected until instructed to take over the generators by exploiting specific vulnerabilities.