The Year Ahead/Technology

The Next Big Cyberattack Could Turn America’s Lights Off

Security experts say there’s evidence Russian hackers have breached U.S. utilities and nuclear power plants.

Retail-store employees in Kiev, Ukraine, read a ransomware demand for a payment of $300 worth of bitcoin on computers infected by the Petya software virus on June 28. — Retail-store employees in Kiev, Ukraine, read a ransomware demand for a payment of $300 worth of bitcoin on computers infected by the Petya software virus on June 28.
Photographer: Vincent Mundy/Bloomberg

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Max Chafkin and Dune Lawrence

November 2, 2017 at 8:00 AM UTC

This article is for subscribers only.

This article is part of the November 6, 2017 issue of businessweek.

When a serious cyberattack against the U.S. begins, at first you’ll blame the weather, or an accident, or corporate incompetence. It’ll be a power outage that lasts a few hours at most. But things will start to get more unsettling when reports trickle out that the blackout is the work of hackers, most likely connected to the Russian government.

This isn’t science fiction—it happened in western Ukraine two years ago. That attack, the first known to take out an electrical grid, used malicious software known as a Trojan to briefly black out several hundred thousand people. The hack forced Ukrainians to start taking their country’s conflict with Russia much more seriously, says John Hultquist, director of intelligence analysis at security company FireEye Inc. The power outage, and another that followed in the capital in 2016, “took the front from the east to Kiev,” he says. “You can’t ignore it when the lights go out.”