Crash Override: Could a Similar Cyber Weapon be Used Against a Nuclear Facility?

NTI monitors and assesses global cyberattacks as part of our work to address the growing and potentially catastrophic cyber threat to nuclear systems and facilities around the world. Alexandra Van Dine, program associate with NTI’s Scientific and Technical Affairs Program, writes about the potential implications of a troubling new cyberweapon.

 This week started off with a cyber “bang” with reports of a new and deeply concerning cyberweapon in The Washington Post, WIRED, and Reuters. The weapon—dubbed “Crash Override” by security researchers—is the second of its kind to directly target physical industrial control systems (ICS). It is believed to be linked to Russia, though no firm attribution has been made.

The first cyberweapon created to disrupt ICS was Stuxnet, the virus deployed against Iran’s Natanz uranium enrichment facility. For more on that attack and its implications (especially for nuclear security), see this paper I published on the topic.

Crash Override was first used  (to our knowledge) in December 2016 to attack Ukrenergo, the Ukrainian electric utility, according to two security research firms, Dragos Inc. and ESET (which refers to the malware as Industroyer). The result was a one-hour outage in parts of the capital city of Kiev. This consequence may seem relatively innocuous, but recent work by these security firms suggests it was a test for something more sinister.

The concern about Crash Override* is that it could be used to “automate mass power outages” on a far grander scale than Kiev, according to Andy Greenberg at WIRED. Experts believe the malware is crafted in such a way that components can be swapped in and out to adapt it for use against multiple electric utilities around the world, not just in Ukraine. In addition, the weapon can “speak” directly to grid components to shut power off or turn it back on, meaning it can cause blackouts quickly, with fewer people in the loop.

So what does this mean for the nuclear space? After all, the target in the December 2016 attack was an electric utility in Ukraine. How does this zoom out to the international nuclear community?

Crash Override illustrates that well-resourced and determined attackers are setting their sights on critical infrastructure. In this case, electrical utilities were targeted. In the future, a similar cyber weapon could be re-tooled and re-purposed for deployment against a vulnerable nuclear facility.

As renowned cryptographer Bruce Schneier says, technology is constantly evolving, especially in the cyber world: “Today’s NSA secrets become tomorrow’s PhD theses and the next day’s hacker tools.” In other words, as more people get access to a weapon, it can be modified and used for any number of purposes. 

If the Stuxnet virus past is any prologue, Crash Override is no one-trick pony.

*Cybergeeks will recognize the movie reference, but for those who don’t know, see the 1995 cult classic Hackers, one of Angelina Jolie’s first films.

For more on NTI’s work in the cyber arena, read our report, Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilitieswhich lays out priorities for a new, overarching strategy to protect nuclear facilities.



June 13, 2017

Most Popular

Atomic Pulse


NTI President Joan Rohlfing reflects on the beauty and the lessons of Hiroshima following her first visit to the city for a roundtable with experts on reducing nuclear risks in North Korea and reducing reliance on nuclear weapons globally.