Here’s a scary scenario: hackers gain access to the state’s power grid and knock the lights out. Regulators and grid operators take this possibility very seriously. Lawmakers also have considered the possibility and have potentially opened the door to expensive policy changes.
But according to many experts there exists an even more imminent threat.
“As far as I know, there’s only been one outage attributable to hackers,” said Tom Cross, chief technology officer at Drawbridge Networks, a cyber-security firm, speaking to the Washington Post. But, said Cross, there “absolutely” has been more than one blackout caused by squirrels.
Like hundreds and hundreds of them.
A tongue-in-cheek website, CyberSquirrel1.com, has begun shedding light on the disparity between the perceived risk to power grids from cyber-attacks and the actual real world threat of squirrels. When a squirrel crosses a line and gets zapped, it often also burns out the line and causes an outage. CyberSquirreil1 reports 702 such “squirrel operations” worldwide, as opposed to perhaps one or two operations by nation states — and even those occurred far from U.S. shores.
The possible nation-state operations listed on cybersquirrel1.com include the Stuxnet worm that apparently sabotaged Iran’s nuclear program in 2007 and another possible, unrelated cyber event from 2015 in the Ukraine. The non-nation-state “operations” listed by CyberSquirrel1 include 702 from squirrels, 277 by birds, 53 by raccoons, 51 by snakes, 32 by rats and 13 by Martens.
The website includes an interactive map that “lists all unclassified Cyber Squirrel Operations that have been released to the public that we have been able to confirm.”
The website was created by an anonymous industry professional who expressed fatigue with the overheated rhetoric he or she kept hearing regarding the threat of cyber warfare on power grids. Although cybersquirrel1.com may seem frivolous, it highlights an important policy debate: experts agree that grid security is important, but many experts also stress that those risks should not be overstated. Policies emerging from paranoia, panic or overheated threat assessments can both be costly and miss the mark.
Speaking to the Washington Post, the creator of CyberSquirrel1.com agreed that the risk of cyber grid attacks deserves attention — “just nowhere near the attention that [it] has been getting from the cyber-war hawks.”
Also posted on the website is a quote by John C. Inglis, a former deputy director of the National Security Agency, who states: “I don’t think paralysis [of the electrical grid] is more likely by cyber-attack than by natural disaster. And frankly the number-one threat experienced to date by the US electrical grid is squirrels.”