Report: Vermont utility not likely targeted by Russian hackers
- Malware found on the computer of a Vermont utility and previously thought to be linked to the Russian government was not associated with the Kremlin, according to a new report from the Washington Post.
- Last week, the Post reported that malware discovered on the computer of a Burlington Electric employee was connected Russian intelligence initiatives that also targeted the Democratic Party during the 2016 presidential campaign. Now, the paper says that report was in error.
- Instead, intelligence officials and the company now think the IP address discovered could be harmless, since it is not always associated with nefarious activities.
Premature investigation leaks and a recent cybersecurity analysis from the FBI and Department of Homeland Security appear to have contributed to the erroneous story, which Utility Dive picked up on Monday.
According to the Post, a Burlington Electric employee set off an alert last week that he had connected to an IP address associated with a Russian intelligence initiative that the joint FBI-DHS report connected to election hacking.
In the joint analysis, the agencies listed malware and IP addresses that they concluded Russians used during the attacks on the Democratic National Committee, sending the information to utility executives and other companies. Among the listed malware was Grizzly Steppe, which Burlington Electric officials initially said was found on the laptop. The analysis said that such attacks by the Russian civilian and military intelligence Services (RIS) was "part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens."
The initial report sparked serious concern among elected officials. Vermont Gov. Peter Shumlin (D) called for a federal investigation and Sen. Pat Leahy (D-VT) was reportedly briefed by Vermont police on the subject.
But now, the Post reports that conclusion was premature, with unnamed intelligence officials telling the paper the IP address could be part of a run-of-the-mill cyber probe or harmless altogether. Indeed, the joint analysis itself warns that "[u]pon reviewing the traffic from these IPs, some traffic may correspond to malicious activity, and some may correspond to legitimate activity.”
The confusion over the source of the malware reflects a deep unease in the U.S. utility industry over cybersecurity and a growing suspicion of Russian influence.
In other countries, the FBI analysis cautioned, "RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks." And it's not the first time Russians have been accused of attacking a foreign country's grid. Last year, reports surfaced that the Kremlin likely launched a series of cyberattacks on the Ukraininan grid, which lead to blackouts, though Russian officials denied any involvement.
Had a nefarious actor gained access to the U.S. power grid, the costs could be massive. Last year, Lloyds of London estimated a worst case-scenario cyberattack could cost the U.S. up to $1 trillion and plunge the country into utter chaos. And results from a simulated grid attack in 2015 pushed the North American Electric Reliability Corp. (NERC) to draft a report calling for improvements in information sharing to protect the nation's critical infrastructure.
The joint FBI-DHS report was meant to enhance the information sharing between government and private companies, but the resulting confusion highlights the difficulties in coordinating their efforts. This summer, NERC is expected to release an improved cybersecurity protocol that will require security protocols for critical infrastructure software, as well as services linked to the bulk power grid.
How the incoming administration will tackle the cybersecurity issue remains to be seen. President-elect Donald Trump cast doubt on the viability of intelligence linking Russians to the cyberattacks that lead to email leaks from the DNC and Hillary Clinton campaign. But he also acknowledged in a press conference last week that more cybersecurity might be "needed" following the Obama administration's moves to punish Russia for allegedly undermining the U.S. elections this year.
Follow Gavin Bade on Twitter