Lloyd’s and the University of Cambridge’s Centre for Risk Studies have published a joint report into the implications of a successful widespread cyber attack on the US power grid.
The report publishes details of the expected impacts of a hypothetical scenario where a cyber attack induced electricity blackout plunges 15 US states, including New York City and Washington DC, into darkness and leaves 93 million people without power.
The scenario, while improbable, is technologically possible, says the report, and would result in the following impacts:
- There would be a rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail and chaos to transport networks as infrastructure collapses.
- In the scenario, while power is restored to some areas within 24 hours, other parts of the region remain without electricity for a number of weeks.
- Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain.
- The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario.
The report analyses the implications of these direct and indirect consequences on insurance losses. The total of claims paid by the insurance industry is estimated at $21.4bn, rising to $71.1bn in the most extreme scenario version.
Read the full report (PDF).
This report demonstrates that cyber attacks are now capable of inflicting damages that greatly exceed just data theft, they can now disrupt the lives of everyone in the world and even lead to the loss of life. To prevent major losses and human tragedies, organizations need to realise that current models used to secure data centers / centres and systems are ineffective, fail to provide needed visibility and simply cannot defend against today’s cyber threats.
It is time to recognise that, to win the cyberwar, we need to fundamentally rethink our approach to security and adopt a unified nation-first, vendor-second approach, otherwise our economy and our very way of life will suffer drastically.
Alan Cohen, CCO of cybersecurity company Illumio
"Legacy security solutions such as firewalls, used extensively by organizations responsible for protecting data and systems, are repeatedly failing to stop these large scale attacks. Research and observations we've conducted show that many attacks are sophisticated in nature and have the advantage of strong financial and nation-state backing, but in many cases simple, amateurish attacks can just as easily penetrate through perimeter defences and make their way deep inside data centers, where valuable information and systems are under protected."
Chandra Sekar, director of security research at cybersecurity company Illumio