Opinion: Technical Aspects of Lloyd’s Cyberattack Blackout Scenario Flawed
The Lloyd’s report on cyber implications of the electric grid serves a very important need to understand the insurance implications of a cyber attack against the electric grid. There have already been more than 250 control-system cyber incidents in the electric industry including 5 major cyber-related electric outages in the US.
There have been numerous studies on the economic impact of various outage durations, but they have not addressed issues associated with malicious causes. Consequently, there is a need to address the missing “malicious” aspects of grid outages. Unfortunately, I believe the technical aspects of the hypothesized attack in the Lloyd’s study are too flawed to be used.
According to the Lloyd’s report, “the Erebos (the name Lloyd’s assigned to the malware in its hypothetical) Cyber Blackout Scenario is an extreme event and is not likely to occur. The report is not a prediction and it is not aimed at highlighting particular vulnerabilities in critical national infrastructure. Rather, the scenario is designed to challenge assumptions of practitioners in the insurance industry and highlight issues that may need addressing in order to be better prepared for these types of events…. On the given day, the malware is activated and 50 generators are damaged in rapid succession.”
Read more at http://www.cyberrisknetwork.com/2015/07/16/technical-limitations-of-lloyds-cyberattack-blackout-scenario-report/
Weiss, Joseph M. ‘Opinion: Technical aspects of Lloyd’s cyberattack blackout scenario flawed’. ©2015 Cyber Risk Network. 23 July 2015.














