{"687881":{"#nid":"687881","#data":{"type":"news","title":"Hacking the Grid: How Digital Sabotage Turns Infrastructure Into a\u00a0Weapon","body":[{"value":"\u003Cdiv class=\u0022theconversation-article-body\u0022\u003E\u003Cp\u003EThe darkness that swept over the Venezuelan capital in the predawn hours of Jan. 3, 2026, signaled a profound shift in the nature of modern conflict: the convergence of physical and cyber warfare. While U.S. special operations forces carried out the dramatic \u003Ca href=\u0022https:\/\/www.nytimes.com\/2026\/01\/03\/us\/politics\/trump-capture-maduro-venezuela.html\u0022\u003Eseizure of Venezuelan President Nicol\u00e1s Maduro\u003C\/a\u003E, a far quieter but equally devastating offensive was taking place in the unseen digital networks that help operate Caracas.\u003C\/p\u003E\u003Cp\u003EThe blackout was not the result of bombed transmission towers or severed power lines but rather a \u003Ca href=\u0022https:\/\/www.nytimes.com\/2026\/01\/15\/us\/politics\/cyberattack-venezuela-military.html\u0022\u003Eprecise and invisible manipulation\u003C\/a\u003E of the industrial control systems that manage the flow of electricity. This synchronization of traditional military action with advanced cyber warfare represents a new chapter in international conflict, one where lines of computer code that manipulate critical infrastructure are among the most potent weapons.\u003C\/p\u003E\u003Cp\u003ETo understand how a nation can turn an adversary\u2019s lights out without firing a shot, you have to look inside the controllers that regulate modern infrastructure. They are the digital brains responsible for opening valves, spinning turbines and routing power.\u003C\/p\u003E\u003Cp\u003EFor decades, controller devices were considered simple and isolated. Grid modernization, however, has transformed them into sophisticated internet-connected computers. 
As a \u003Ca href=\u0022https:\/\/scholar.google.com\/citations?hl=en\u0026amp;user=kgFnNewAAAAJ\u0026amp;view_op=list_works\u0026amp;sortby=pubdate\u0022\u003Ecybersecurity researcher\u003C\/a\u003E, I track how advanced cyber forces exploit this modernization by using digital techniques to control the machinery\u2019s physical behavior.\u003C\/p\u003E\u003Ch2\u003EHijacked Machines\u003C\/h2\u003E\u003Cp\u003EMy colleagues and I have demonstrated how malware can compromise a controller to \u003Ca href=\u0022https:\/\/doi.org\/10.14722\/ndss.2017.23313\u0022\u003Ecreate a split reality\u003C\/a\u003E. The malware intercepts legitimate commands sent by grid operators and replaces them with malicious instructions designed to destabilize the system.\u003C\/p\u003E\u003Cp\u003EFor example, malware could send commands to rapidly open and close circuit breakers, a technique known as \u003Ca href=\u0022https:\/\/www.systemoverflow.com\/learn\/resilience-patterns\/circuit-breaker\/circuit-breaker-failure-modes-flapping-stampedes-and-retry-amplification\u0022\u003Eflapping\u003C\/a\u003E. This action can physically damage massive transformers or generators by causing them to overheat or go out of sync with the grid. These actions can cause fires or explosions that take months to repair.\u003C\/p\u003E\u003Cp\u003ESimultaneously, the malware calculates what the sensor readings should look like if the grid were operating normally and feeds these fabricated values back to the control room. The operators likely see green lights and stable voltage readings on their screens even as transformers are overloading and breakers are tripping in the physical world. 
This decoupling of the digital image from physical reality leaves defenders blind, \u003Ca href=\u0022https:\/\/doi.org\/10.1109\/TSG.2013.2280399\u0022\u003Eunable to diagnose or respond\u003C\/a\u003E to the failure until it is too late.\u003C\/p\u003E\u003Cfigure class=\u0022align-center zoomable\u0022\u003E\u003Cp\u003E\u003Ca href=\u0022https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=45\u0026amp;auto=format\u0026amp;w=1000\u0026amp;fit=clip\u0022\u003E\u003Cimg alt=\u0022people wearing hardhats in front of electrical equipment the size of a small house\u0022 src=\u0022https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=45\u0026amp;auto=format\u0026amp;w=754\u0026amp;fit=clip\u0022 srcset=\u0022https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=45\u0026amp;auto=format\u0026amp;w=600\u0026amp;h=374\u0026amp;fit=crop\u0026amp;dpr=1 600w, https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=30\u0026amp;auto=format\u0026amp;w=600\u0026amp;h=374\u0026amp;fit=crop\u0026amp;dpr=2 1200w, https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=15\u0026amp;auto=format\u0026amp;w=600\u0026amp;h=374\u0026amp;fit=crop\u0026amp;dpr=3 1800w, https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=45\u0026amp;auto=format\u0026amp;w=754\u0026amp;h=470\u0026amp;fit=crop\u0026amp;dpr=1 754w, https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=30\u0026amp;auto=format\u0026amp;w=754\u0026amp;h=470\u0026amp;fit=crop\u0026amp;dpr=2 1508w, 
https:\/\/images.theconversation.com\/files\/713761\/original\/file-20260121-56-lzml1u.png?ixlib=rb-4.1.0\u0026amp;q=15\u0026amp;auto=format\u0026amp;w=754\u0026amp;h=470\u0026amp;fit=crop\u0026amp;dpr=3 2262w\u0022 sizes=\u0022(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px\u0022\u003E\u003C\/a\u003E\u003C\/p\u003E\u003Cfigcaption\u003E\u003Cspan class=\u0022caption\u0022\u003EToday\u2019s electrical transformers are accessible to hackers.\u003C\/span\u003E \u003Ca class=\u0022source\u0022 href=\u0022https:\/\/www.gao.gov\/products\/gao-23-106180\u0022\u003E\u003Cspan class=\u0022attribution\u0022\u003EGAO\u003C\/span\u003E\u003C\/a\u003E\u003C\/figcaption\u003E\u003C\/figure\u003E\u003Cp\u003EHistorical examples of this kind of attack include the \u003Ca href=\u0022https:\/\/industrialcyber.co\/industrial-cyber-attacks\/zetter-details-how-stuxnet-marked-a-turning-point-in-cyberwarfare-by-enabling-physical-sabotage-through-code\/\u0022\u003EStuxnet\u003C\/a\u003E malware that targeted Iranian nuclear enrichment plants. The malware destroyed centrifuges in 2009 by causing them to spin at dangerous speeds while feeding false \u201cnormal\u201d data to operators.\u003C\/p\u003E\u003Cp\u003EAnother example is the \u003Ca href=\u0022https:\/\/www.securityweek.com\/industroyer-ics-malware-linked-ukraine-power-grid-attack\/\u0022\u003EIndustroyer\u003C\/a\u003E attack by Russia against Ukraine\u2019s energy sector in 2016. Industroyer malware targeted Ukraine\u2019s power grid, using the grid\u2019s own industrial communication protocols to directly open circuit breakers and cut power to Kyiv.\u003C\/p\u003E\u003Cp\u003EMore recently, the \u003Ca href=\u0022https:\/\/www.securityweek.com\/china-admitted-to-us-that-it-conducted-volt-typhoon-attacks-report\/\u0022\u003EVolt Typhoon\u003C\/a\u003E attack by China against the United States\u2019 critical infrastructure, exposed in 2023, was a campaign focused on pre-positioning. 
Unlike traditional sabotage, these hackers infiltrated networks to remain dormant and undetected, gaining the ability to disrupt the United States\u2019 communications and power systems during a future crisis.\u003C\/p\u003E\u003Cp\u003ETo defend against these types of attacks, the U.S. military\u2019s Cyber Command has adopted a \u201c\u003Ca href=\u0022https:\/\/theconversation.com\/government-cybersecurity-commission-calls-for-international-cooperation-resilience-and-retaliation-133610\u0022\u003Edefend forward\u003C\/a\u003E\u201d strategy, actively hunting for threats in foreign networks before they reach U.S. soil.\u003C\/p\u003E\u003Cp\u003EDomestically, the Cybersecurity and Infrastructure Security Agency promotes \u201csecure by design\u201d principles, urging manufacturers to eliminate default passwords and utilities to implement \u201c\u003Ca href=\u0022https:\/\/theconversation.com\/zero-trust-security-assume-that-everyone-and-everything-on-the-internet-is-out-to-get-you-and-maybe-already-has-160969\u0022\u003Ezero trust\u003C\/a\u003E\u201d architectures that assume networks are already compromised.\u003C\/p\u003E\u003Ch2\u003ESupply Chain Vulnerability\u003C\/h2\u003E\u003Cp\u003ENowadays, there is a vulnerability lurking within the \u003Ca href=\u0022https:\/\/www.wired.com\/story\/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever\/\u0022\u003Esupply chain of the controllers themselves\u003C\/a\u003E. A dissection of firmware from major international vendors reveals a significant reliance on third-party software components to support modern features such as encryption and cloud connectivity.\u003C\/p\u003E\u003Cp\u003EThis modernization comes at a cost. Many of these critical devices run on outdated software libraries, some of which are years \u003Ca href=\u0022https:\/\/doi.org\/10.1109\/MSEC.2023.3266775\u0022\u003Epast their end-of-life support\u003C\/a\u003E, meaning they\u2019re no longer supported by the manufacturer. 
This creates a shared fragility across the industry. A vulnerability in a single, \u003Ca href=\u0022https:\/\/www.heartbleed.com\/\u0022\u003Eubiquitous library like OpenSSL\u003C\/a\u003E \u2013 an open-source software toolkit used worldwide by nearly every web server and connected device to encrypt communications \u2013 can expose controllers from multiple manufacturers to the same method of attack.\u003C\/p\u003E\u003Cp\u003EModern controllers have become web-enabled devices that often host their own administrative websites. These embedded web servers present an often overlooked point of entry for adversaries.\u003C\/p\u003E\u003Cp\u003EAttackers can infect the web application of a controller, allowing the malware to execute within the web browser of any engineer or operator who logs in to manage the plant. This execution enables malicious code to piggyback on legitimate user sessions, bypassing firewalls and issuing commands to the physical machinery without requiring the device\u2019s password to be cracked.\u003C\/p\u003E\u003Cp\u003EThe scale of this vulnerability is vast, and the potential for damage extends far beyond the power grid, including \u003Ca href=\u0022https:\/\/doi.org\/10.1145\/3658644.3690267\u0022\u003Etransportation\u003C\/a\u003E, \u003Ca href=\u0022https:\/\/doi.org\/10.1145\/3719027.3744837\u0022\u003Emanufacturing\u003C\/a\u003E and \u003Ca href=\u0022https:\/\/doi.org\/10.1109\/ICCPS48487.2020.00011\u0022\u003Ewater treatment\u003C\/a\u003E systems.\u003C\/p\u003E\u003Cp\u003EUsing automated scanning tools, my colleagues and I have discovered that the number of industrial controllers exposed to the public internet is significantly \u003Ca href=\u0022https:\/\/doi.org\/10.1145\/3658644.3690195\u0022\u003Ehigher than industry estimates suggest\u003C\/a\u003E. Thousands of critical devices, from hospital equipment to substation relays, are visible to anyone with the right search criteria. 
This exposure provides a rich hunting ground for adversaries to conduct reconnaissance and identify vulnerable targets that serve as entry points into deeper, more protected networks.\u003C\/p\u003E\u003Cp\u003EThe success of recent U.S. cyber operations forces a difficult conversation about the vulnerability of the United States. The uncomfortable truth is that the American power grid relies on the same technologies, protocols and supply chains as the systems compromised abroad.\u003C\/p\u003E\u003Cfigure\u003E\u003Cp\u003E\u003Ciframe width=\u0022440\u0022 height=\u0022260\u0022 src=\u0022https:\/\/www.youtube.com\/embed\/wnhCuYRYCdM?wmode=transparent\u0026amp;start=0\u0022 frameborder=\u00220\u0022 allowfullscreen=\u0022\u0022\u003E\u003C\/iframe\u003E\u003C\/p\u003E\u003Cfigcaption\u003E\u003Cspan class=\u0022caption\u0022\u003EThe U.S. power grid is vulnerable to hackers.\u003C\/span\u003E\u003C\/figcaption\u003E\u003C\/figure\u003E\u003Ch2\u003ERegulatory Misalignment\u003C\/h2\u003E\u003Cp\u003EThe domestic risk, however, is compounded by regulatory frameworks that struggle to address the realities of the grid. A comprehensive investigation into the U.S. electric power sector my colleagues and I conducted revealed \u003Ca href=\u0022https:\/\/doi.org\/10.1145\/3719027.3765184\u0022\u003Esignificant misalignment\u003C\/a\u003E between compliance with regulations and actual security. Our study found that while regulations establish a baseline, they often foster a checklist mentality. Utilities are burdened with excessive documentation requirements that divert resources away from effective security measures.\u003C\/p\u003E\u003Cp\u003EThis regulatory lag is particularly concerning given the rapid evolution of the technologies that connect customers to the power grid. 
The widespread adoption of distributed energy resources, such as residential solar inverters, has created a large, decentralized vulnerability that current regulations barely touch.\u003C\/p\u003E\u003Cp\u003EAnalysis supported by the Department of Energy has shown that these devices \u003Ca href=\u0022https:\/\/www.energy.gov\/ceser\/office-cybersecurity-energy-security-and-emergency-response\u0022\u003Eare often insecure\u003C\/a\u003E. By compromising a relatively small percentage of these inverters, my colleagues and I found that an attacker could manipulate their power output to \u003Ca href=\u0022https:\/\/doi.org\/10.1109\/NAPS66256.2025.11272195\u0022\u003Ecause severe instabilities\u003C\/a\u003E across the distribution network. Unlike centralized power plants protected by guards and security systems, these devices sit in private homes and businesses.\u003C\/p\u003E\u003Ch2\u003EAccounting for the Physical\u003C\/h2\u003E\u003Cp\u003EDefending American infrastructure requires moving beyond the compliance checklists that currently dominate the industry. Defense strategies now require a level of sophistication that matches the attacks. This implies a fundamental shift toward security measures that take into account \u003Ca href=\u0022https:\/\/doi.org\/10.14722\/ndss.2014.23043\u0022\u003Ehow attackers could manipulate physical machinery\u003C\/a\u003E.\u003C\/p\u003E\u003Cp\u003EThe integration of internet-connected computers into power grids, factories and transportation networks is creating a world where the line between code and physical destruction is irrevocably blurred.\u003C\/p\u003E\u003Cp\u003EEnsuring the resilience of critical infrastructure requires accepting this new reality and building defenses that verify every component, rather than unquestioningly trusting the software and hardware \u2013 or the green lights on a control panel.\u003C\/p\u003E
\u003Cp\u003E\u003Cem\u003EThis article is republished from \u003C\/em\u003E\u003Ca href=\u0022https:\/\/theconversation.com\u0022\u003E\u003Cem\u003EThe Conversation\u003C\/em\u003E\u003C\/a\u003E\u003Cem\u003E under a Creative Commons license. Read the \u003C\/em\u003E\u003Ca href=\u0022https:\/\/theconversation.com\/hacking-the-grid-how-digital-sabotage-turns-infrastructure-into-a-weapon-272874\u0022\u003E\u003Cem\u003Eoriginal article\u003C\/em\u003E\u003C\/a\u003E\u003Cem\u003E.\u003C\/em\u003E\u003C\/p\u003E\u003C\/div\u003E","summary":"","format":"full_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003ETo understand how a nation can turn an adversary\u2019s lights out without firing a shot, you have to look inside the controllers that regulate modern infrastructure.\u0026nbsp;\u003C\/p\u003E","format":"limited_html"}],"field_summary_sentence":[{"value":"To understand how a nation can turn an adversary\u2019s lights out without firing a shot, you have to look inside the controllers that regulate modern infrastructure. 
"}],"uid":"27469","created_gmt":"2026-01-22 13:46:50","changed_gmt":"2026-03-31 11:57:19","author":"Kristen Bailey","boilerplate_text":"","field_publication":"","field_article_url":"","location":"Atlanta, GA","dateline":{"date":"2026-01-22T00:00:00-05:00","iso_date":"2026-01-22T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"hg_media":{"679143":{"id":"679143","type":"image","title":"Today\u2019s power grid equipment incorporates internet-connected \u2013 and therefore hackable \u2013 computers. Joe Raedle\/Getty Images","body":"\u003Cp\u003EToday\u2019s power grid equipment incorporates internet-connected \u2013 and therefore hackable \u2013 computers. Joe Raedle\/Getty Images\u003C\/p\u003E","created":"1770040095","gmt_created":"2026-02-02 13:48:15","changed":"1770040095","gmt_changed":"2026-02-02 13:48:15","alt":"Today\u2019s power grid equipment incorporates internet-connected \u2013 and therefore hackable \u2013 computers. Joe Raedle\/Getty Images","file":{"fid":"263266","name":"file-20260121-66-2blqlf.jpg","image_path":"\/sites\/default\/files\/2026\/02\/02\/file-20260121-66-2blqlf.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/2026\/02\/02\/file-20260121-66-2blqlf.jpg","mime":"image\/jpeg","size":572159,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/2026\/02\/02\/file-20260121-66-2blqlf.jpg?itok=HoGH-mtB"}}},"media_ids":["679143"],"related_links":[{"url":"https:\/\/theconversation.com\/hacking-the-grid-how-digital-sabotage-turns-infrastructure-into-a-weapon-272874","title":"Read This Article on The Conversation"}],"groups":[{"id":"1188","name":"Research Horizons"},{"id":"367481","name":"SEI Energy"}],"categories":[],"keywords":[{"id":"187915","name":"go-researchnews"},{"id":"194974","name":"go-theconversation"}],"core_research_areas":[],"news_room_topics":[{"id":"71881","name":"Science and 
Technology"}],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Ch5\u003EAuthor:\u003C\/h5\u003E\u003Cp\u003E\u003Ca href=\u0022https:\/\/theconversation.com\/profiles\/saman-zonouz-2560004\u0022\u003ESaman Zonouz\u003C\/a\u003E, Associate Professor of Cybersecurity and Privacy and Electrical and Computer Engineering, \u003Ca href=\u0022https:\/\/theconversation.com\/institutions\/georgia-institute-of-technology-1310\u0022\u003EGeorgia Institute of Technology\u003C\/a\u003E\u003C\/p\u003E\u003Ch5\u003EMedia Contact:\u003C\/h5\u003E\u003Cp\u003EShelley Wunder-Smith\u003Cbr\u003E\u003Ca href=\u0022mailto:shelley.wunder-smith@research.gatech.edu\u0022\u003Eshelley.wunder-smith@research.gatech.edu\u003C\/a\u003E\u003C\/p\u003E","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}