Did the U.S. Bring Down Venezuela’s Power Grid?

It’s possible. It may even be likely. However, it would be very difficult to prove U.S. involvement in Venezuela’s recent power outages. Yes, U.S. intelligence has the tools to bring down the power grid of any country. (See my article on Nitro Zeus.) Unfortunately, a number of other cyber players have similar technologies. These include Russia, China, Iran, and, probably, Israel, but it is unlikely that these countries would gain much from bringing down Venezuela’s power grid. Of course, you can’t discount the possibility that this under-maintained power grid just collapsed or was otherwise sabotaged. Those are screens that any cyber attacker could hide behind.

So if the failure was due to a cyber attack, how would it be implemented? How would such infrastructure-destroying malware actually work? Without going into too many technical details, such malware operates by altering the operating parameters of critical machinery and causing it to malfunction or break down completely. The equipment doesn’t need to be connected to the internet for this to happen, but it does need programmable components. Most industrial machinery these days contains programmable logic controllers (PLCs), through which the correct operating parameters for the machinery are set. These controllers and their parameters are the targets of the malware. Supervisory Control and Data Acquisition (SCADA) systems oversee these controllers and other major components of an infrastructure’s network and are, in themselves, targets for attackers planning to gain control of a power station or other major infrastructure component. It is also possible that the manufacturers of key elements of infrastructure machinery are targeted and their products altered by attackers at the production level so that they malfunction after they are installed.

The first time such an infrastructure attack occurred was with the infamous Stuxnet worm. The story is that Stuxnet was installed by someone finding a USB stick in the parking lot. In Venezuela, it would be far easier to find someone who would cooperate with U.S. intelligence and use an infected USB stick to install the malware. My guess is that there would be no lack of volunteers, but the malware could have been installed in any number of ways. Multiple attack vectors could have been exploited.

Eighty percent of Venezuela’s power is generated by the Simón Bolívar Hydroelectric Plant, the third biggest hydroelectric power station in the world. That’s good news and bad news. The good news is that it produces so much power. The bad news is that if an attacker could take it out, they could take out Venezuela.

But couldn’t the grid have simply broken down on its own? That’s entirely possible. It definitely has not been well-maintained. This is why Venezuela has experienced blackouts in the past. There have also been some instances of sabotage. However, the timing of these recent blackouts seems too precise and the outages too widespread to be the result of a simple maintenance accident or minor sabotage. Nonetheless, poor maintenance can’t be ruled out completely.

Below is a diagram showing the control system architecture of a hydroelectric plant. In effect, it shows which areas can be accessed and altered by an attacker. Notice the area named “control, measurement, and alarms”. Previous infrastructure attacks targeted this area. Some attacks, like the one on the Saudi oil industry, prevented safety alarms from functioning so that the people operating the system never saw that anything was amiss. The same thing could have happened during the most recent outages in Venezuela. According to some reports, as power was being restored, three transformers somehow caught fire. This occurred despite the fact that the area was surrounded by troops who were there to protect it, making it unlikely that people started these fires. In fact, it would have been easier to make these transformers overheat by disabling the alarms, but, again, they could simply have failed for other reasons.
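An added illustration of the defender’s side of what this paragraph and the earlier PLC/SCADA description cover, not code from the original post: a monitor that checks raw measurements against engineering limits and setpoints against a change-management baseline without trusting the controller’s own alarm flag, so a suppressed alarm or a rewritten parameter still shows up. The tag names, limits and telemetry feed are constructed for the example.

```python
"""Independent cross-check of plant telemetry against alarm state and baseline.

Constructed example: the controller's alarm flag is treated as untrusted,
because an attacker who can rewrite PLC parameters can usually also
silence the alarm that would reveal the change.
"""
from dataclasses import dataclass

# Hypothetical engineering limits (constructed), keyed by tag name.
LIMITS = {"XFMR1_OIL_TEMP_C": 95.0, "TURB3_SPEED_RPM": 1900.0}
# Approved setpoints from the change-management baseline (constructed).
BASELINE_SETPOINTS = {"TURB3_SPEED_SP": 1800.0, "XFMR1_FAN_ON_C": 70.0}


@dataclass
class Sample:
    ts: str                  # timestamp of the reading
    tag: str                 # sensor or setpoint tag
    value: float             # measured or configured value
    alarm: bool              # what the PLC/HMI reports for this tag
    authorized: bool = True  # for setpoint writes: matched to a work order?


def find_anomalies(samples):
    """Return (ts, tag, reason) for every suspicious sample, in feed order."""
    findings = []
    for s in samples:
        limit = LIMITS.get(s.tag)
        if limit is not None and s.value > limit and not s.alarm:
            # Out of range, yet the PLC shows no alarm: the alarm path may
            # have been disabled or the value shown to operators spoofed.
            findings.append((s.ts, s.tag, "limit exceeded, alarm silent"))
        base = BASELINE_SETPOINTS.get(s.tag)
        if base is not None and (s.value != base or not s.authorized):
            # A parameter differs from the approved baseline or was written
            # outside change control: the kind of edit the post describes.
            findings.append((s.ts, s.tag, "setpoint drift from baseline"))
    return findings


# Constructed telemetry: an unauthorized setpoint write, then a transformer
# running hot while its alarm flag stays clear until it is far too late.
SAMPLE_FEED = [
    Sample("10:00:00", "TURB3_SPEED_SP", 1800.0, False),
    Sample("10:05:00", "TURB3_SPEED_SP", 2050.0, False, authorized=False),
    Sample("10:05:30", "TURB3_SPEED_RPM", 2040.0, False),
    Sample("10:06:00", "XFMR1_OIL_TEMP_C", 88.0, False),
    Sample("10:20:00", "XFMR1_OIL_TEMP_C", 112.0, False),
    Sample("10:21:00", "XFMR1_OIL_TEMP_C", 113.0, True),  # alarm finally fired
]

if __name__ == "__main__":
    for ts, tag, reason in find_anomalies(SAMPLE_FEED):
        print(f"{ts} {tag}: {reason}")
```

The check only works if the monitor reads measurements through a path the controller cannot alter, such as a separate historian or out-of-band sensor; otherwise both the value and the alarm flag can be forged together.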

The diagram shows the possible vulnerabilities in a system that would operate hydroelectric turbines. Although President Nicolas Maduro has claimed the grid was taken down by a U.S. cyber attack, he has given no details to prove this one way or the other. On the other hand, Communications Minister Jorge Rodriguez stated that the ARDAS computer control system for the turbines was targeted which caused three of five turbines to shut down during rush hour, causing widespread chaos. Rodriguez claims that he has evidence for the U.S. being involved in the power grid takedown and is planning to give this evidence to the United Nations Human Rights Commission.

All subsequent power outages could be the result of a continued cyber attack or of problems associated with restarting a major power grid. Restarting a large grid can put stress on a number of grid components, causing them to fail and triggering further blackouts in what is sometimes referred to as ‘cascading outages’. If, however, the continuing blackouts are related to a cyber attack, they may be harder to resolve. In fact, Rodriguez has claimed that malware was found in other components of the grid. How did he identify this? Good malware is designed to hide, and it is not unusual for it to remain hidden for many months. If this is the case, no matter what the Venezuelan government does, the country will continue to experience periodic blackouts.

When asked directly if a U.S. cyber attack was behind the power failures, U.S. Secretary of State Mike Pompeo only responded, “the system has had problems for a very long time”, which is true, but which does not actually answer the question. So why not just admit it? What could Venezuela do in response? Probably not much.

There are two main reasons why the U.S. wouldn’t admit to being behind a cyber attack. First of all, they would, in effect, be claiming responsibility for any collateral damage associated with the attack. According to some sources, at least 26 people died during the blackouts, six of them babies. Stores were looted. Property was destroyed. Schools and businesses were shut down.

The second reason for not admitting to a cyber attack would be for fear of retaliation, not by Venezuela, but by Russia, China, and Iran. Maduro claims that he has asked Russia, China, and Iran to help in investigating the outages. Russia then sent in 100 military troops and technicians. China has also been giving assistance. What do they know that the Venezuelan government doesn’t know? Basically, they know how to identify an infrastructure cyber attack, since they have similar cyber weapons in their arsenals.

Retaliation would not have to be in the form of a cyber attack on the U.S. It could simply be achieved by exposing the U.S. as the perpetrator and then connecting them to the related deaths and social problems the attack caused. All of these countries have a shared goal of putting the U.S. in a bad light. Doing so could, they hope, put pressure on the U.S. to withdraw its support for opposition leader Guaido. At the same time, pressure is mounting on President Trump to take some action to help the Venezuelan people. So, even if the U.S. government wanted to take credit for undermining the Venezuelan government with a cyber attack, they cannot.

Any attempts to link a cyber attack to the U.S. will fail. Attribution is nearly impossible, especially when the attacker is sophisticated enough to hide attack components and put false flags into the code. Most good malware also has self-destruct mechanisms which will remove all traces of itself from the infected system. It would be no problem, for example, for U.S. intelligence to make the attack appear as if it came from Russia and remove all traces of a U.S. connection. This happens all the time.

Will we ever really know if the U.S. has hacked the Venezuelan power grid? Not unless the U.S. government decides to admit it. Even now, no one is absolutely sure that the U.S. and Israel were behind the Stuxnet attack, even though most experts concur that the evidence points in their direction.

In fact, there is a lot more that the U.S. could do to the Venezuelan infrastructure if they really wanted to. They may be setting up other cyber attacks even as you are reading this. One thing we can be sure of in this nebulous landscape: if we begin seeing other key infrastructure components fail, we can be almost sure that the U.S. cyberforce is behind it. Almost sure.
