There are four primary ways that a malevolent entity, whether it be terrorists or a foreign state, could go about attacking the United States or any country as a whole: military attack, medical epidemic, economic attack, or a cyberattack on the infrastructure. It’s the last on the list, the one that gets the least amount of attention from the people and the media, that was potentially launched in January when the US Department of Energy fell victim to hackers.
Hundreds of employees and contractors may have had their Personally Identifiable Information (PII) accessed by the hackers. Many are looking at this as another identity theft incident for some reason since no classified data was retrieved, but they’re missing the major point here. Currently, the best defense that the infrastructure that controls most components of our energy system is isolation. It’s extremely challenging for someone to overload Hoover Dam from a remote connection, for example. This is where there stolen PII comes into play.
If someone wanted to take down parts of the power grid, lock down a pipeline, or engage in countless other catastrophic activities pertaining to our energy infrastructure, the best way to go about doing it would be through real people. Having information about these people as the hackers now possess is a potentially disastrous weapon. People can be coerced. They can be bought. They can be unwitting accomplices to crimes. It’s likely how the US and Israel was able to infect the nuclear facilities with Stuxnet. It’s how the real “spy game” works in today’s day and age – through assets with access to sensitive computer systems that cannot be accessed from the outside.
The government is well aware of this and if they are able to identify everyone affected, there’s a good chance that they will try to use this as an opportunity to trace back the attackers to their source. It’s not something that you’ll ever see in declassified documents decades from now, let alone in the news today, as only the people behind the closed doors will even know what is being done to try to thwart these sort of attacks.
Unfortunately, there’s really no way to be sure that everything is being handled properly. Depending on when the hack was discovered and how quickly the victims were identified, it’s possible that there is already the foundations of an attack underway.
This isn’t meant to be an oddball conspiracy theory with the goal of stirring people into a panic. It is what it is, a statement of the possibilities when news like this is reported. There are dangers all around us. There are dangers associated with walking the dog. There’s no reason to be paranoid about what’s going on, not because it can’t hurt us but because in many cases there’s simply nothing we can do.
That doesn’t make it any less terrifying.