ORLANDO, Fla. — Nationwide, we’re seeing an increase in cyberattacks to our power grid.
Just in the last two years, Florida has seen at least three ‘cyber events’ to its power grid, according to U.S. Department of Energy data.
In April this year, there was a cyber-attack to the energy grid in Orange County. The government doesn’t release many more details, including which company experienced the attack and who the possible hacker was.
▶ WATCH CHANNEL 9 EYEWITNESS NEWS
With this, an Orlando cybersecurity firm is raising concerns about the vulnerabilities of America’s power grid.
The power that gets to your home isn’t just generators and electric lines. It’s computers and programs deciding how and when to send that power. But how safe is the code companies use?
More and more rely on what’s called open source to develop their code. It’s like it sounds—it’s open.
Think of code like building blocks. You can get a little bit of code here. A little bid of code from there to build the final software product. But where is that code coming from?
Read: St. Augustine construction crews find boat from the 1800s buried underground
Orlando based Fortress Information Security explained that any “kid” with internet can contribute their “block” that then can be developed into software used in America’s critical infrastructure. A “block”, one of these code components, can risk the whole structure-- our energy grid.
“A Chinese agent or a Russian agent can install backdoors into one of these components. And then unbeknownst to a software manufacturer, you grab this component, which has been tampered with and poisoned by Russian or Chinese actor and now they put that component into their software, and it ends up in our electrical grid or, or an oil rig,” said Alex Santos, CEO of Fortress Information Security.
The company analyzed nearly 8,000 of these open-source components. 13 percent had contributions from Russia and China. Fortress found about 90 percent of software used to manage the U.S. power grid is linked to Russian and Chinese developers—something that can make it three times as likely to contain critical vulnerabilities.
Read: Florida citrus forecast improves over last year when hurricanes hit state
“How concerning is this?” Channel 9 asked.
“Very concerning. President Biden unveiled his cyber strategy earlier this year, the word s-bomb, which is code for the software vulnerabilities appeared virtually on every page of this think it was a 14-page document,” Santos said.
Fortress’ researchers estimate the cost to replace the questionable and bad code could be a 40-billion dollars.
Read: ‘A difficult decision to make’: Orlando Police Department retires horse-mounted patrol unit
But Santos says not just money will fix the industry’s reliance on open-source code. The flaws are engrained in industry culture.
“So the culture is to develop software as quickly as possible to be competitive. But no one’s really paying attention to who’s delivering the best security,” Santos said.
Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.