The doomsayers seem to announce it from every corner: Catastrophe. Blackouts. Chaos. Riots. These are the end times, for hackers will soon destroy our energy grid, plunging us into a darkened, if not downright benighted state in which our baser natures will take over and finish off civilization as we know it.
This grim specter is a common narrative at places like DEFCON and Black Hat, and among fans of the Doomsday Clock. But chilllllllllllll people: The energy grid is more at risk from gnawing rodents than hoodie-wearing cyber-terrorists.
In a word, squirrels. Squirrels are our greatest enemy.
According to Marcus Sachs, CSO with the North American Electric Reliability Corporation (NERC), critters are Public Enemy No. 1 when it comes to knocking power offline. Squirrels (and, lest we be too squirrel-ist, snakes and birds are worrisome too) will tend to nest in substations, chewing on cables or creating fire threats from their gathered materials.
Addressing RSA Conference attendees, Sachs said that his organization’s list of high-impact and high-consequence threats don’t currently include cyberattacks. At all.
“Security is extremely important to us. There are multiple threats. Cyber is one and physical is another,” he said. “Yes, we have a few mouse clicks here and there—but the real threat is Mother Nature and humans doing stupid stuff.”
Humans doing “stupid stuff.” Imagine that.
It’s not as though there’s no cyber-danger at all, as the attack on the Ukrainian power grid demonstrated last year. And, there was the attack on the upstate New York dam that put the focus on cyber-vulnerabilities in critical infrastructure in general.
However, Sachs said that it’s important to keep in mind that the lack of streamlining and general modernization/efficiency across the 55,000 power substations in the US is actually a plus. Outages tend to stay localized, and hackers can’t really pivot and move throughout the system. They’ll run into dead ends all over the place.
“What makes Ukraine different from U.S. is their grid is synchronous and lacked the type of diversity and separation of infrastructure that we have in North America,” Sachs said the “Here in North America, we encourage diversity. No two substations are the same no two companies run their infrastructure the same. I’m sure the end-of-days types will continue to do what they do: At the 2016 RSA Conference, US Cyber Command’s Adm. Michael Rogers said it’s a matter of when, not if, a nation-state successfully attacks the electric grid. And it’s good to stay vigilant. But in the meantime, mind the squirrels. They’re the real enemy—and insider threats, at that.