Dive Brief:
- An alert based on analysis by the Federal Bureau of Investigation and the Department of Homeland Security alleges Russian hackers have mounted a methodical, long-term campaign to infiltrate and surveil critical United States infrastructure, including energy and nuclear.
- The technical alert, issued by the U.S. Computer Emergency Readiness Team (CERT), associates the threat with "Dragonfly," a campaign that security firm Symantec warned about in September.
- According to the new alert, on multiple occasions hackers were able to access workstations and servers on a corporate network that contained data output from control systems within power plants.
Dive Insight:
Russia is in the news a lot these days. Today the White House imposed sanctions for the country's hacking and election interference, but less high-profile is CERT's report describing a deliberate and long-term campaign to infiltrate the United States' critical industrial sectors.
Hackers "appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity," the report concludes. Staging targets "held preexisting relationships with many of the intended targets." The Department of Homeland Security's analysis identified hackers accessing publicly available information hosted by organization-monitored networks "during the reconnaissance phase."
The alert covers "Russian government actions targeting U.S. Government entities," as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. DHS believes hackers are seeking information on network and organizational design and control system capabilities within organizations.
"In some cases, information posted to company websites, especially information that may appear to be innocuous, may contain operationally sensitive information," the report warns.
In one example, the report warns, hackers "downloaded a small photo from a publicly accessible human resources page," then examined the high-resolution image, which showed "control systems equipment models and status information in the background."
The utility sector's cyber vulnerabilities have been a concern for years, but the issue has come under intense scrutiny recently. Cybersecurity firm Dragos issued a report noting a rise in targeted attempts by North Korea-related hackers to infiltrate utility systems. Its review of 2017 also notes that hackers are getting more sophisticated and more dangerous to industry, with malware increasingly being used to target industrial control systems.
While hackers have had limited success in disrupting operations, federal officials say the objective so far has been surveillance. Recently, the focus of attacks appears to have shifted to industrial control vulnerabilities.
Hackers last year were able to penetrate the safety systems of a petrochemical plant in Saudi Arabia in part by taking advantage of an older device made by Schneider Electric. But the highest-profile attack was the successful 2015 attack on Ukraine’s grid, which caused widespread blackouts and raised fears that the U.S. could be vulnerable to a similar attack.
Acknowledging the threat, the Trump administration in February moved to establish a new office within the Department of Energy to focus on cybersecurity, energy security and emergency responses. A report from Accenture last year found almost two-thirds of utility executives globally believe their country faces at least a moderate risk of a cyberattack on the electric grid in the next five years.
In North America alone, the number who say an attack is likely rises to 76%. Utility Dive's latest survey of utility professionals found that respondents listed cybersecurity as a top concern, a recurrent theme from past surveys.