Can ISIS Attack Our Infrastructure?

This post is also available in: עברית (Hebrew)

ISIS hackers have proven in the past their ability to break into different websites or the accounts of military and government personel. The US is trying to cope with arrests or even targeting those criminals, but in the meantime the question must be asked: Are we close to the day when ISIS’ cyber fighters could not only publish personal information about state employees, but cause damage to something much more substantial?

According to CNN Money, ISIS hackers are attempting to penetrate the US energy grid to carry out cyberattacks and take down parts of the country’s energy supply, but have been unsuccessful so far.  “Strong intent. Thankfully, low capability,” John Riggi, a section chief in the FBI’s cyber division, told CNN about ISIS’ hacking attempts. “But the concern is that they’ll buy that capability.”

The FBI says that highly capable hacking software is available for purchase on the black market and could be used to hack networks associated with energy companies, fuel refineries, or water-pumping stations.

Because of the size and complexity of America’s utility grids, and a lack of due diligence, US infrastructure is vulnerable to advanced cyberattacks — from terrorists or, more likely, from rival governments that already have the necessary capabilities. A survey in 2013 found more than 500,000 potential targets for cyberattacks against computers associated with power plants, water treatment centers, traffic control towers, and various portions of the electrical grid.

As worrying as that sounds, however, the likelihood that ISIS could carry out a catastrophic cyberattack against the US energy grid remains incredibly small.

“Hackers can’t take down the entire, or even a widespread portion of the US electric grid,” Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider. “From a logistical standpoint, this would be far too difficult to realistically pull off — and it’s not what we should be devoting our attention to.

“What is more realistic is for a cyberattack to cripple an individual utility, causing a blackout or disruption of service at the local level.”

Subscribe to our newsletter.