Business Blackout, economic impact of a cyber attack against a power grid

What will happen if hackers will hit critical infrastructure in the US, which will be the economic impact of a cyber attack against a power grid?

According to a poll done by Morning Consult firm, cyber attacks are just behind terrorism attacks on the list of biggest threats to the US, it has been estimated that the insurance industry could face losses of about $21 billion. That poll was conducted in the period between May 29 and May 31 by interviewing a national sample of 2,173 registered voters.

Nearly 36 percent of voters consider acts of terrorism atop a list of major security threats, followed by cyber attacks at 32 percent.

According to the Lloyd’s of London, cyber attacks would have a significant impact on multiple types of insurance

As reported in the “Business Blackout“, a joint report by Lloyd’s and the University of Cambridge’s Centre for Risk Studies, the insurance implications of a cyber attack on the US power grid could have a catastrophic impact.

The “Business Blackout” report tries to describe the impacts of a cyber attack on the national power grid, which causes an electrical blackout that plunges 15 US states and principal cities, including New York City and Washington DC, into darkness. Nearly 93 million people will remain without power in the scenario hypothesized by the study.

The experts simulate a malware-based attack which is able to infect the imaginary ‘Erebos’ trojan electricity generation control rooms in several locations in the Northeastern United States. The attack will cause health and safety systems fail, disrupting water supplies as electric pumps fail. The chaos will reign causing the failure of main services, including transportation. The malware is able to infect the Internet and search and compromise 50 generators that it will destroy, causing prolonged outages in the region.

The total of claims paid by the insurance industry is estimated to be included in the interval comprised between $21.4bn and $71.1bn, depending on the evolution of the scenarios designed by the researchers.

In this scenario, the researchers estimated the economic losses could range from $243 million to $1 trillion, depending on the number of components in the power grid compromised by the attack.

“Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario.” states the report.

The researchers analyzed the “historical outages” estimating that currently the power interruptions, most of which last five minutes or less, already cost the US about $96 billion. The cost related to a prolonged outage is likely to be included in the range of $36 billion to $156 billion. The Commercial and industrial sectors are the sectors most impacted by the attack on the power grid due to their dependency on the electricity supply.

“Evidence from historical outages and indicative modelling suggests that power interruptions already cost the US economy roughly $96bn8 annually.9 However, uncertainty and sensitivity analysis suggest this figure may range from $36bn to $156bn.” continues the report. “Currently over 95% of outage costs are borne by the commercial and industrial sectors due to the high dependence on electricity as an input factor of production.”

It is the first time that the insurance industry propose a similar report, the estimates provided are merely indicative due to the large number of factor that can influence the cost, anyway it is important to understand the hish risks of a cyber attack against a critical infrastructure like a power grid and the necessity to adopt an effective cyber strategy to improve their security.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Power Grid, critical infrastructure)

[adrotate banner=”13″]