The story hides in the back pages of the globe’s newspapers. But it must be read. On December 23, large parts of Ukraine – a bitter enemy of Vladimir Putin’s Russia – were plunged into darkness as the electrical grid was hit by a malware attack.

Ukraine makes no bones about the bad actor. It has publicly blamed Russia. The US thus far is more reticent – assigning authorship in such cases always is difficult – but multiple experts indicated that in all probability Russia, with its history of recent bad blood with Ukraine, had in fact authorized the attack.

This is serious business.

And this threatens you.

That is because this is the first power outage clearly linked to a cyber attack.  It won’t be the last.

A lot of writing about hacking and malware is essentially worst case dramatizations of improbable scenarios.  Yes, there are mathematical possibilities of a hacker seizing control of your late model car – essentially a computer peripheral with wheels – and making it go in circles.  Of course there are real – and doubtless annoying – cases of crazed hackers seizing control of another house’s baby monitor and cursing at the infant.  Etc.

Deranged, adolescent behavior.

But if you want to drive a society to the brink, pull the plug on its power.

Former Nightline TV host Ted Koppel, in a recent book called “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath,” wrote: “If an adversary of this country has as its goal inflicting maximum damage and pain on the largest number of Americans, there may not be a more productive target than one of our electric power grids.”

We know what it is like to lose power on a mass scale. It has happened in the US – in cases with no ties to terrorism – and it is ugly.

In November, 1965, for instance, a big part of the US northeast – from Ontario Canada to New York – was plunged into darkness due to a failure of the power grid.

It happened again in October 2012 when Hurricane Sandy knocked out many power stations and blew down power lines across New Jersey and New York.

Nothing works when there is no power. ATMs do not disgorge cash.  Gas pumps do not pump.  In many homes there is no heat and definitely no air conditioning.

Knock out the power and you knock a country into the Stone Age.

And that apparently happened in Ukraine, apparently at the hands of cyber attackers.

How did the malware enter the Ukraine power system? We don’t know – probably never will – but Trend Micro researcher Kyle Wilhoit said, “It is highly likely that it was delivered to its intended victim via a phishing email with an infected attachment. Once executed, the document downloaded the appropriate packages for persistence on the infected machine.”

Read that again.  Wilhoit is saying that simple human error – clicking on an email one should have ignored – is at the root of this and if we know anything about malware it is that often human failings are what malware typically exploits.

Asked point blank if such an attack could succeed in the US – substitute any of your favorite western nations – he said: “It’s hard to say if this type of attack could succeed in the US. Unfortunately, we don’t have all the details associated with this incident. Meaning, we don’t know if the malware identified is solely responsible for the outage or if there are other factors at play here. I can say that if this type of malware were to be introduced into a critical infrastructure environment, it could certainly cause havoc if proper compensating controls are not in place, like redundant systems and proper backup methodologies.”

Are the Russians developing such attacks?

Another question: are the North Koreans?

Of course they are and probably so is the US, so is the UK, so are the Chinese, so are the Israelis.

And not much is being done to stop the attacks.

Don’t think nation states – with mayhem on their minds – don’t know this already.

The only real question is this: when will our electric grid be attacked?  It is coming, we just don’t know when or from whom.

Are we defended?  US utilities are in a rush to toughen defenses. Will it be enough, in time?  We will find out.