The world’s most prolific national grid hackers have nothing on squirrels
Security experts have long warned that hackers could pose major risks to government infrastructure, including the national grid. And while there have been a small number of genuine attributed cyberattacks on the world’s power infrastructure, that number is far smaller than the damage done by the animal kingdom.
That’s the conclusion of a talk by Cris “SpaceRogue” Thomas, a hacker turned security researcher at Tenable. At the Shmoocon security conference last week, Thomas presented his findings in a talk entitled “35 years of Cyberwar: The Squirrels Are Winning,” and the numbers do indeed speak for themselves – while verified hacking attacks are stuck in low single figures, squirrels have been responsible for 879.
The CyberSquirrel1 project was launched to “counteract the ludicrousness of cyberwar claims by people at high levels in government and industry,” according to Thomas. Initially, the account used Google news alerts to gather information about animal attacks and populated a spreadsheet, but it has now grown to use a whole bunch of sources to highlight the animal kingdom’s sabotage success rate.
As any good animal-based kids’ film will tell you, the squirrels couldn’t do it all on their own, of course. While they top the table, birds have been responsible for 434 outages, with snakes claiming responsibility for 83, raccoons 72, and rats 36. At the bottom of the list, a jellyfish was responsible for a 2013 “attack” in Sweden.
In total, the combined animal-related outages have affected over five million people. “If you consolidated them into one location, it would basically take out the power for the San Francisco metropolitan area for two months,” Thomas explained.
These numbers put the quantity of outages confirmed as being caused by state actors into sharp relief: even if you include the Ukrainian attacks allegedly initiated by Russia alongside Stuxnet’s Iranian attack, frogs still narrowly beat humans in a 3-2 thriller.
The final slide of Thomas’ presentation sums up his point nicely: “Yes, there is a risk, (info and physical) security at most power companies is pretty appalling, but that risk is nowhere near the level of hype that cyberwar hawks have been spouting.”
In this context, presumably “hawks” refers to those aggressively seeking action, rather than a subsection of the 434 bird-related outages, but it doesn’t hurt to ask.
Image: Let’s Go Out Bournemouth and Poole, used under Creative Commons