The U.S. Department of Energy reported last year that the country experienced at least five cyberattacks on our power grids, from Washington state to here on the East Coast.
▶ WATCH CHANNEL 9 EYEWITNESS NEWS
Florida alone was the site of two of those cyberattacks. Records show that Orange County was hit by a “cyber event” in April 2023, just two months after vandalism was reported at a power plant in the county.
What makes matters worse is that there are new concerns about hacking.
Read: Bounced email leads to accusations of lawbreaking and political firestorm in Orange County
An Orlando-based company is warning that something almost all of our energy sources depend on is in danger.
The phone you scroll on, the plane you fly, the power supply in your home: it all depends on software. And that software consists of code. It works a bit like building blocks.
But anyone, even our foreign adversaries, can contribute their “block” or code to build that final software product.
Read: Rescue efforts are underway for a woman who may have fallen into a sinkhole while searching for a cat
They can contribute their “block” to the stack using sites like GitHub, a developer platform where software developers from all over the world can contribute code.
Fortress Information Security calls these pieces of code a silent threat to the country’s critical infrastructure.
“That silent threat is all those little compulsive components in your software that are lurking there. Maybe you don’t know about it yet. You don’t know they are a problem, but they can be used to attack and infiltrate our systems,” said Bryan Cowan.
Cowan is a product manager at Fortress Information Security. This year, the company expanded its research by analyzing more than 2,000 software products that the nation’s power grid, oil pipelines, communications and other critical infrastructure rely on.
Read: Woman pleads guilty in deadly golf cart accident on wedding night
They found that 90 percent of these products rely on code components from Chinese developers.
“We know that China is not our friend,” Cowan said. “We know that attackers are always looking for new ways to penetrate our systems. You know, now that we’ve gotten better at protecting the front door, they’re trying to get in through the side door. So that’s what these types of components help them do, which is, hey, maybe I can’t get into it directly, but if I can compromise one of these software components and it’s distributed across many different systems, then I have a lot of opportunity. trying to get through it.”
And if the code is compromised, hackers can use it to hold critical infrastructure from ransom.
Cowan said they found more than 9,000 vulnerabilities in the products. The majority of them can be traced back to just twenty pieces of code.
Read: Celebrity Equinox sails from Port Canaveral for the first time
“We know these problems are solvable. It takes some effort and some resources to be able to tell if you are creating the software, you have to do everything you can to prevent things from getting into your software,” Cowan said.
This research is a follow-up to what the company released last year.
This year, the company expanded its research into products beyond utilities to gas, aerospace and defense.
The company says it has found more foreign influence with software.
Cowan said they are releasing this information publicly to raise awareness of the threats.
Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.
