How Drones Could Help Hackers Shut Down Power Plants
In the future, cyberattacks on power plants might be done with malware and flying hacker drones.
Illustration: Che Saitta-Zelterman
When hackers took down the power grid in parts of Ukraine last year, local authorities sent operators to manually switch on power, coordinating the recovery efforts via cellphone. But what if the attackers could jam the cellphone network—perhaps using drones?
That's the hypothetical, though realistic, scenario that a security researcher posited on Wednesday during a presentation at the Black Hat security conference in Las Vegas. In the future, warned researcher Jeff Melrose, drones will be used to support and amplify cyberattacks against critical infrastructure.
Using drones, "all kinds of attacks on field telemetry and sensors not only become affordable but doable," Melrose, who is the senior principal tech strategist for the security arm of Yokogawa, told me in an interview ahead of his talk. "I can have several of these [drones] basically blanket an area and you wouldn't receive anything from that particular section of your plant or pipeline."
"I could be three miles distance, but that drone is within the boundary of your electromagnetic transmission zone"
Melrose argues that drones are now advanced enough that they can be used to infiltrate structures that'd be harder to reach for humans on foot. Once in physical proximity of power plants and other critical infrastructure, hackers could use the drones to jam networks, disabling the ability of the plant's operators to get information from sensors, or communicate with human operators in the field.
All the hardware needed for that would be a consumer drone like the DJI Phantom 4 and a jammer, which is illegal but extremely easy to purchase online. With this hardware, an attacker could monitor with the drone's camera, use the drone to get close enough to WiFi networks so that it could join them and potentially break into the network, and other types of attacks.
"What this drone enables you to do is to basically be a relay point," Melrose said. "I could be three miles distance, but that drone is within the boundary of your electromagnetic transmission zone. So I can at distance relay to the drone, and it's my little minion within your boundary."
All these are theoretical—but feasible—attacks. This week, also at Black Hat, researchers showed off a $500 drone that they described as a "flying hacker laptop," capable of hacking into harder-to-reach networks.
Michael Toecker, a control systems engineer and consultant, said that the scenarios Melrose posits are "all realistic," and show that industrial facilities administrators "should look at their security measures to see if they've assumed 'a person,' where they must now think 'a flying drone.'"
"When security folks looked at the vulnerability of these radio signals, they could reasonably assume an adversary would have to hop a fence, dodge video surveillance, climb a tower, and stand near a transmitter," Toecker told me. "So, this was justification to not encrypt the communications, since the attacker would need to traverse all those obstacles, and if they were inside they would just do easier nastiness instead. However, a drone could be flown into the path of the transmitter, and use an onboard radio to avoid all the physical protections."
In the future, hackers might take advantage of drones to reach places they couldn't reach as easily before. And while this is, to a certain extent, all speculation, perhaps it's better to be prepared before it's too late.
In other words, as Melrose put it, it might be time for people involved in securing critical infrastructure to "move your physical security into the 21st century."