Skip to main content
close search
site logo
Dive Brief

Lloyds: Cyber attack on US power grid could cost $1 trillion

Published July 17, 2015
Robert Walton's headshot
Senior Reporter
JacksonClerk

Dive Brief:

  • Lloyd's of London has issued a report aimed at informing the insurance industry as to the potential impacts of a widespread attack on the U.S. power grid, and finds the total economic loss could range from $243 billion up to $1 trillion in the most damaging scenarios.
  • Lloyd's overtly says its report is not a prediction and describes highly unlikely scenarios, but the fallout includes a rise in mortality rates, a decline in trade, disruption to water supplies and transportation chaos.
  • And the primary way in which the attack could be perpetrated is well-document and still exists: In 2007 the Idaho National Laboratory's Aurora Project showed that a remote attacker could damage generators by opening and closing certain circuit breakers to ultimately push a machine's rotating parts out of alignment.

Dive Insight:

The “Aurora vulnerability” was documented close to a decade ago, but the problem remains and the potential impacts are staggering, reports Lloyd's of London. Under the most extreme circumstances, the impacts would be felt for years and could cause up to $1 trillion in economic damage.

Perhaps the most startling aspect of the report is that it assumes the attackers are only successful in 10% of their attempts to access and disable sensitive equipment.

Lloyd's modeled out a potential attack that would leave 15 states in the dark, across an eastern seaboard swath that would include New York City and Washington, D.C. And while the scenario is unlikely, it is “technologically possible,” the firm said, and the odds against it are less than 200-to-1.

Those chances reflect the need for insurance companies to guard against possibly catastrophic events – the report isn't a doomsday prediction and the scenario is highly unlikely. But it highlights an existing vulnerability the United States' power grid is still trying to patch (and one the government may have inadvertently exacerbated not long ago).

Last summer the U.S. Department of Homeland Security mistakenly responded to a Freedom of Information Act on an unrelated topic and released more than 800 pages related to the so-called “Aurora vulnerability,” including the location of sensitive pieces of infrastructure that could be disabled.

While the industry is working to close the vulnerability, Lloyd's found that a relatively small success rate from hackers could be devastating.

In its hypothetical attack, the firm found that “despite only achieving a 10% success rate, the malware successfully infects over 70 generators by exploiting the systemic importance of control rooms, with each control room typically managing several generators.”

Such an attack could leave 93 million without power, Lloyd's found. And while improbable, the scenario is “technologically possible” and  predicts “a rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail and chaos to transport networks as infrastructure collapses."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
The energy market in Saudi Arabia and the Persian Gulf will be managed by Czech company Unicorn
From Unicorn
October 23, 2024
8th Annual TMG Utility Forum Tackles Artificial Intelligence (AI)
From TMG, an RIA company
October 30, 2024
The 8th Annual US-Mexico Natural Gas Forum takes place November 11-13, in San Antonio, TX
From LDC Gas Forums
October 31, 2024
Clarity 3Q Capacity Additions by PNode lag EIA Forecasts due to absence of Wind
From CLARITY GRID SOLUTIONS, INC.
October 24, 2024
Editors' picks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell