Can you recover the power grid after a cyberattack? The Department of Energy finds out

The project will investigate the consequences of attacks on energy infrastructure and how long it takes systems to recover.
Written by Charlie Osborne, Contributing Writer

The US Department of Energy (DoE) is planning a "hands-on" test of the real-world consequences associated with successful cyberattacks against core country services.

Cyberattacks levied against critical infrastructure, smart grids, and utilities are not a future possibility; but rather, they are happening now.

Ukraine's power grid blackout in 2016 was one of the first real indicators that if there are bugs which can be exploited, critical services are just as vulnerable as the average consumer or business to cyberthreats.

The malware responsible for the attack in Ukraine -- which caused the city of Kiev to lose power for an hour -- has been dubbed Industroyer by ESET researchers.

Industroyer has been dubbed the "biggest threat to industrial control systems since Stuxnet," a worm which was used to compromise an Iranian nuclear facility in 2010. However, this malware has been specifically designed to attack the power grid by disrupting industrial processes which manage power flows.

Ukraine has first-hand experience in just how disruptive an attack on the power grid can be. Now, the US wants to be able to say the same -- albeit in a controlled fashion.

CNET: Lights out: How Crash Override hits power grids -- hard

According to EE News, the DoE will be launching "Liberty Eclipse" -- not to be confused with an exercise bearing the same name back in 2017 -- a stress test which will mimic a cyberattack levied against electric, oil, and natural gas systems.

The US agency's test will take place off the coast of New York on Plum Island in November. The simulated attack will require participants to respond and rebuild the energy grid over the course of the week-long program.

Documents obtained by the publication said that the overall goal of the scheme is to "gain insights into how industry, with DoE support, would execute a response to a significant cyber incident."

TechRepublic: Massive nation state malware attack shuts down industrial plant

The program will also aim to establish a "blackstart" recovery system, which will instruct energy staff on how to restore the grid in a step-by-step guide.

The Defense Advanced Research Projects Agency (DARPA) will provide simulated "cranking paths," an idea toyed with as a means to jump-start utilities and grid restoration after they experience severe disruptions.

Energy Secretary Rick Perry told reporters last week that it was in the United States' interest to "continue to protect these sources of energy and to deliver them around the world," and "taking care of that infrastructure, from the standpoint of protecting it from cyberattacks -- I don't think it's ever been more important than it is today."

See also: Industroyer: An in-depth look at the culprit behind Ukraine's power grid blackout

Android, iOS mobile apps to download before disaster strikes

Previous and related coverage

Editorial standards