NTI monitors and assesses global cyberattacks as part of our work to address the growing and potentially catastrophic cyber threat to nuclear systems and facilities around the world. Alexandra Van Dine, program associate with NTI’s Scientific and Technical Affairs Program, writes about the potential implications of a troubling new cyberweapon.
This week started off with a cyber “bang”: reports in The Washington Post, WIRED, and Reuters of a new and deeply concerning cyberweapon. The weapon—dubbed “Crash Override” by security researchers—is the second of its kind to directly target physical industrial control systems (ICS). It is believed to be linked to Russia, though no firm attribution has been made.
The first cyberweapon created to disrupt ICS was Stuxnet, the virus deployed against Iran’s Natanz uranium enrichment facility. For more on that attack and its implications (especially for nuclear security), see this paper I published on the topic.
Crash Override was first used (to our knowledge) in December 2016 to attack Ukrenergo, the Ukrainian electric utility, according to two security research firms, Dragos Inc. and ESET (which refers to the malware as Industroyer). The result was a one-hour outage in parts of the capital city of Kiev. This consequence may seem relatively innocuous, but recent work by these security firms suggests it was a test for something more sinister.