Reports: Cyberattacks breached at least a dozen power plants, including nukes
- Cyberattacks from a foreign government recently breached a dozen or more U.S. power plants, including conventional and nuclear generators, multiple media outlets report.
- The U.S. Department of Homeland Security and the Federal Bureau of Investigation have issued a report noting the Wolf Creek Nuclear station in Kansas was among facilities targeted, according to the New York Times. The report is said to contain an urgent amber warning, the second-highest threat rating.
- Bloomberg reports that Russia is a chief suspect in the hacking, though other outlets did not name a potential source of the attacks and some analysts warn attribution is premature.
Just hours before President Trump sits down across from Russian President Vladimar Putin, Bloomberg reports that Russia is suspected to be behind cyberattacks last month that targeted U.S. facilities.
Other outlets said that conclusion could be premature. E&E News reports that none of the "dozens" of federal workers and utility and cyber experts it interviewed in recent weeks gave any indication of where the attack came from.
Robert Lee, the CEO of security firm Dragos, took to twitter last night to tamp down on the Russia talk.
The details of the case aren't even public yet. Half of this is gossip theater. Attribution is NOT POSSIBLE yet.— Robert M. Lee (@RobertMLee) July 6, 2017
First reported by E&E News, the event has been code named "Nuclear 17." And it now appears to be more widespread than previously thought. Importantly, however, no attacks successfully penetrated plants' operational controls, and many were directed at corporate systems often unconnnected.
According to the Times, some attacks targeted specific people — engineers with control system access. E&E reports many of the attackers used a "watering hole" technique, where they plant malicious code on websites likely to be visited by workers.
Cybersecurity is increasingly a focus in the power sector in the wake of a successful attack in Ukraine last year which resulted in a widespread blackout and Russian interference in the 2016 U.S. elections.
Galina Antova, co-founder of Claroty, which focuses on industrial control system security, told Bloomberg that "we’re moving to a point where a major attack like this is very, very possible."
Once hackers are into a plant's control systems, typically accessible through the facility's regular computer network, "then the basic security mechanisms you’d expect are simply not there," she said.
Bloomberg also has some details on the attack targeting Wolf Creek: Though it was unsuccessful, hackers reportedly used stolen credentials of a senior engineer at the plant.
In May, Dragos issued a report concluding malware that was used in a 2015 cyberattack resulting in power outages in Ukraine could be modified by developers to target the United States. The firm said the malware, named "CrashOverride," was sophisticated — and just the second industrial control system-tailored malware to target physical industrial processes.
News of last months' cyberattacks broke alongside a wave of ransomware attacks was spreading across parts of Europe, similar to the WannaCry virus that surfaced in May. Those attacks shut down decommissioning operations at the Chernobyl nuclear site, though U.S. officials said there were no indications the malware targeted North American power operations.
A widespread or persistent outage could be devastating. Lloyd's of London has estimated the potential impacts of a successful attack on the U.S. power grid, and concluded the total economic loss could range from $243 billion up to $1 trillion in the most damaging scenarios.
Follow Robert Walton on Twitter