Guest blog by S. A. Shelley: Earlier this year, the Colonial Pipeline, carrying gasoline and jet fuel from Houston to the southeast US was hacked. The perpetrators got away with 75 bitcoins, at the time worth just under $5 million US. Nobody really hurt, so no harm, right?
But that wasn’t the first and won’t be the last hack of an American energy infrastructure. Way back in 2007, the Department of Homeland Security (DHS) along with Idaho National Laboratory (INL) proposed a test, Aurora. DHS and INL set up a generator and invited hacktivists to hack it. It took about 3 minutes for hackers to destroy the generator. The video of the generator blowing itself to pieces is very entertaining.
Jump forward a few more years this time to a test of hackers versus a Jeep Cherokee in 2015, and this amusing and scary video shows who won that contest. This wasn’t a high-end Tesla with millions of lines of code controlling everything from battery discharge to navigation; this was a more run-of-the-mill car with embedded electronics meant to enhance the driver experience, not, as in the case of Tesla, supplant the driver. In addition to hacking vehicles, it is also apparently straightforward to hack EV charging stations (see CBC News and TechCrunch ).
For sure energy infrastructure is hackable, and transportation elements (cars, trains, planes) are also hackable. What is next?
I forecast that every home appliance or home-based energy system connected to the web will be the next hack target of opportunity and quite likely the next cyber war space.
Consider those fancy new refrigerators that are grid connected. The theory is that these appliances can be smarter and save you money by cutting energy consumption through electronic and information wizardry, allowing homeowners to even “see” remotely what’s inside their refrigerator? (My refrigerator is filled with many leftovers in various containers, and I don’t need to see that remotely. But that’s beside the point.) What happens now if someone hacks the smart refrigerator and adjusts the temperature controls and readouts? Instead of keeping milk cool at a safe temperature, what if the hacker makes the appliance warmer while fooling the user? Does the user end up drinking spoiled milk and getting ill, or does the user end up buying milk more frequently than otherwise necessary? With one attack, medical services could be stressed immensely; wiith the other attack, a slow consistent drain on the economy occurs.
How about all those Lithium-Ion (Li-Ion) battery packs going into homes. Li-Ion batteries can catch fire which can be difficult to extinguish. Imagine 20 million homes in America outfitted with Li-Ion battery packs with control systems connected to the web. Now further imagine some foreign government hack team attacking all those residential battery packs: 20 million home fires at the same time would be crippling to America’s emergency services and result in devasting financial losses in the insurance industry.
Every year, more and more devices and information are connected to the internet with the promise of “security” and “lower costs” on consumer items (meat, for example). I’m not sure about that anymore. So unsure that I’m happy to pedal my bike to my cabin in the woods, where I can light my wood cookstove for a meal and some warmth. The only hack I then have to worry about is someone wielding an axe to try to literally hack through my cabin door. That I can handle, but all the forthcoming digital demons and the internet of energy scare me more.
Happy Hackowe’en Everyone…
Shut Down Line 5!