Critical infrastructure protection is a priority for all countries around the world, starting with their electrical grid.

Two things stand out about the malware, dubbed "Industroyer" by the researchers — it's an order of magnitude easier to use than previous programs and it wasn't actually deployed to do any real damage, meaning whoever's behind the December attack might simply have been testing the waters.

The United States has been concerned about possible attacks on the power system for years. President Trump's cybersecurity executive order, signed in May, specifically asks for a report on dangers to the electrical grid, for example.

There's no evidence the malware has been deployed in the United States, but the highly sophisticated way it was written means it would be very simple to use here, say experts.