The real threat to global critical infrastructure is not enemy states or organisations but squirrels, according to one security expert.
Cris Thomas has been tracking power cuts caused by animals since 2013.
Squirrels, birds, rats and snakes have been responsible for more than 1,700 power cuts affecting nearly 5 million people, he told a security conference.
He explained that by tracking these issues, he was seeking to dispel the hype around cyber-attacks.
His Cyber Squirrel 1 project was set up to counteract what he called the “ludicrousness of cyber-war claims by people at high levels in government and industry”, he told the audience at the Shmoocon security conference in Washington.
Squirrels topped the list with 879 “attacks”, followed by:
- birds – 434
- snakes – 83
- raccoons – 72
- rats – 36
- martens – 22
- frogs – three
He concludes that the damage done by real cyber-attacks – Stuxnet’s destruction of Iranian uranium enrichment centrifuges and disruption to Ukrainian power plants being the most high profile – was tiny compared to the “cyber-threat” posed by animals.
Most of the animal “attacks” were on power cables but Mr Thomas also discovered that jellyfish had shut down a Swedish nuclear power plant in 2013, by clogging the pipes that carry cool water to the turbines.
He also discovered that there have been eight deaths attributed to animal attacks on infrastructure, including six caused by squirrels downing power lines that then struck people on the ground.
Mr Thomas – better known as SpaceRogue – set up Cyber Squirrel 1 as a Twitter feed in March 2013 and initially collected information from Google alerts.
It has since evolved into a much larger project – collecting information from search engines and other web sources.
Mr Thomas only collected reports compiled in the English language and admitted that he was probably only capturing “a fraction” of animal-related power cuts worldwide.
“The major difference between natural events, be they geological, meteorological or furry, is that cyber-attacks are deliberate orchestrated by humans,” said Luis Corrons, technical director of security firm PandaLabs.
“While natural disasters are taken into account when critical infrastructure facilities are built, that’s not the case with computers. Most critical facilities were never designed to connect to the rest of the world, so the kind of security they implemented was taking care of the physical world surrounding them.
“The number of potential attackers is growing, the number of potential targets is also going up. So we all need to reinforce our defences to the maximum – and also worry about squirrels.”