Malware threat proves U.S. power grid much more vulnerable than previously believed

During a recent two-part series published by about how an electromagnetic pulse (EMP) could destroy the nation’s power grid, a portion of that report included ways to “EMP-proof” your life: Obtain non-electrical appliances; stock up on portable solar panels; self-defense; items to barter, and so on.

The good news, however, is that experts don’t believe an EMP event to the power grid, either via a nuclear explosion in the atmosphere above the country or a massive solar storm, is the biggest threat facing the country.

The bad news is, there most certainly is a major threat to the grid, and it’s actually much worse than analysts and experts thought.

A cyber security firm that has been investigating the world’s first known attack on a nation’s power grid, which occurred in Ukraine in December 2015 — an attack that Russia is suspected of carrying out — says that malware is a much bigger threat to the nation’s grid than previously believed.

In January 2016 reported on the Ukrainian cyber attack, which took a major power station offline for several hours and involved the use of malware:

Experts have been warning for years that Western society’s outsized reliance on the Internet to manage critical infrastructure was a growing liability in the age of cyber warfare, and now they have been proven correct.

The cyber security firm analyzing that attack, vArmour, has said it has found a new malware variant that has the potential to take down networks that operate power grids around the world. USA Today reported:

The malicious code is capable of directly controlling electricity substation switches and circuit breakers and could potentially be used to turn off power distribution or to physically damage equipment used in the electricity distribution grid, researchers at ESET wrote in a paper

The company’s chief cyber security strategist, Mark Weatherford, said the malware can automatically attack power grids, which he called “a big deal.”

Others agree. Sue Kelly, president and CEO of the American Public Power Association, said that U.S. power companies are “properly alarmed.”

“We are going up a level in the video game here,” she told USA Today, adding that her organization is working with power companies and other national and international groups, as well as the Trump administration, to assess the newly discovered malware and try to understand how big of a threat it may be.

Experts say what makes this malware particularly problematic is that it is capable of automatically tripping breakers within a grid that prevent power lines from becoming overloaded. After one breaker trips, power is then shunted to another section of the grid; if enough breakers are tripped at once, and in the right locations, Weatherford said it is possible to create a sort of ripple effect that will lead to an overload of the entire grid system.

If that happens, don’t expect the power to be restored immediately. Or even within hours.

“In some cases,” he says, “it could then take days to restart all the plants.”

The malware, which has been dubbed “Industroyer” by vArmour researchers, improves on previous programs in that it is far easier to use. Also, it wasn’t dispatched to do real damage, meaning that the December 2015 attack may have just been a test run.

What’s more, experts say, industrial-level control networks like those used to manage power grids are far less secure than more sophisticated computer networks employed by financial institutions and businesses in general.

“They were developed years ago, without security in mind,” Robert Lipovsky, a senior malware researcher with ESET, told USA Today. “They weren’t designed for smart grids or interconnectedness.”

If you’ve not begun prepping for the day the lights go out — perhaps for months or years — there’s no time to waste. It appears as though potential adversaries are already testing the cyber weapons they will use to bring about the end of the world as we know it.

J.D. Heyes is a senior writer for and, as well as editor of The National Sentinel.