Imagine one day, suddenly, light goes off in your house and you find out that is not a problem of the electric company, because it happened in the whole neighbourhood. In the whole city. In the whole country. And the disaster is not due a unespected error, it’s a cyberattack with a clear objective: destroy the electric supplies in Spain.
That was the theory considered this week regarding the big blackout in Argentina and, besides the possibility of a cyberattack has been almost discarded, have shown the world a new tenedency: the computer attacks directed to supply places and critical infrastructures from any country
The scenary could look futuristic, but it isn’t in the least. USA have already made some tests to see what would happen if the electric suppliers where attacked, while Spain have already suffered attempts of cyberattacks, admits the lack of defenses they have to confront them and have asked for help to a foreign company to prepare for future attacks. The new threat, is real: Spain, like any other developed country, can suffer a cyberattack to their basic supplies (water, light, airport…) at any time. The question now is how can the attacks happen and how to prevent them.
You can attack a spanish electric supply like this
The question is clear: are there any possibilities of a cyberattack that destroys a critical spanish infrastructure like the electric supplies? Not only there are ways to do it, they even happened already: the National Protection Center of Infrastructures and Cybersecurity, dependant of the inner ministery, admits to this journal that “have existed confirmed tries to access to this kind of infrastructures”, anyhow it is true that “in all cases, the attempts have been futile and prevently detected to react in time without the threat grow bigger”.
And talking about it, can it be shut down the supply of the spanish electric system? Someone showed evidence to this problem and is yes. In March 2011, the expert Rúben Santamarta gave an speech in Madrid where he showed how to knock down the spanish electric network. The method was different to what we could think: although we tend to imagine the cyberattack by brute force that knockd down the system with one blow, the method from Santamarta was different. His strategy was to access to the Programming Logical Drivers that commands the spanish electric netwrok system, seize control of them and weaken the supplies little by little. For example, he could lower the intensity of the supply while modifying the control panels, which wouldnt show any fault. So, while the responisbles of the cybersecurity of spanish electricity thinks that everything is fine because any alarm triggers, he would change the parameters and weakening the system until make it fall downin a concrete moment. This strategy was the same used by USA and Israel with Stuxnet, the attack that knocked down the supply of 1000 centrifuges of a nuclear plant in Iran.