Late last week, a joint statement by the Department of Homeland Security and the Federal Bureau of Investigation confirmed that the Russian government has been behind an ongoing targeted campaign to penetrate U.S. power plants and the electric grid.
Of course, this fact has been well known and has been reported on repeatedly in the past, including on this blog. But in this alert, the government indicated that the Russian hackers have targeted key energy companies and have succeeded in penetrating their systems and in accessing and copying data that security experts say could be used to turn off power to customers. This is an unusual admission and warning by the government to the private sector.
Revelations over the past year indicate that the federal government has evidence that foreign hackers have infiltrated U.S. power companies, including a nuclear plant in Kansas. According to the alert, “Since at least March 2016, Russian government cyber actors…targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” The Trump administration subsequently issued new sanctions against Russia, including for its threatening cyber activities.
The Russians are using phishing and spear-phishing campaigns directly against energy and power grid employees and inserting malware into the systems of critical infrastructure to gather information, then using vendors and other company partners to get access to more critical systems. Many security experts believe this information gathering is a precursor to Russia being able to cause a power outage.