Low-budget Energy Sector Cyberattacks via Open Source Exploitation

Modern cyber warfare involves penetration of a nation’s computers and networks, aiming to cause extensive damage and/or disruption. Such actions are generally deemed feasible only by resource-wealthy nation state actors. In this work, we challenge this perception and introduce a methodology dubbed Open Source Exploitation (OSEXP), which leverages public infrastructure to execute an advanced cyber attack on critical infrastructure. In particular, we characterize and verify an effective and reusable OSEXP attack vector based on time spoofing of Global Positioning System (GPS) signals. Our GPS attack employs commercial devices and open source software, and manipulates the time synchronization of carefully selected power grid equipment in a manner that can lead to large scale blackouts. We experimentally verify the feasibility of our GPS OSEXP methodology, and demonstrate that an actor with limited budget has the ability to cause significant disruption to a nation.