While the United States has been focused on concerns that Russia may have hacked the last election, hackers have, since May, breached the computer systems of at least a dozen U.S. power plants, including nuclear facilities. This has raised concerns that someone is looking for ways to disrupt the U.S. electric grid, and there are signs that Russia may be the culprit.
The New York Times and Bloomberg reported on Thursday night that last week the Department of Homeland Security and the FBI issued an urgent alert to utilities about potential hacking. The report concluded that the hackers were trying to map out the facilities’ computer networks for future attacks. According to the Times, they obtained the credentials of industrial control engineers using a variety of methods, such as redirecting the engineers’ internet traffic through their own computers and planting malicious code in fake résumés attached to emails about open positions.
Industrial control engineers have access to systems that could cause safety issues if compromised. However, as Wired explains, at nuclear facilities, the computer systems are separate from “far more obscure, less internet-connected systems that actually manipulate its physical equipment.” Edwin Lyman, a nuclear expert with the Union of Concerned Scientists, told Bloomberg that there are various safeguards at nuclear sites that ensure “you can’t really cause a nuclear plant to melt down just by taking out the secondary systems that are connected to the grid.”
DHS and the FBI issued a joint statement saying, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.” Bloomberg said special teams from the two agencies are working to extricate the hackers from the facilities’ systems, “in some cases without informing local and state officials.”
The report did not say exactly how many systems have been compromised or speculate on the hackers’ motives. It did say an “advanced persistent threat” actor was responsible, which suggests U.S. officials believe the hackers are backed by a foreign government.
Three people told Bloomberg that Russia is the chief suspect, and according to the Times, the hackers’ techniques look similar to those of the Russian hacking group “Energetic Bear,” which has been linked to attacks on the energy sector in recent years.
Critical infrastructure systems are frequent targets for hackers, and Russia certainly isn’t the only nation launching such cyberattacks (for instance, the U.S. and Israel are believed to be behind the Stuxnet computer worm that significantly damaged Iran’s nuclear centrifuges). But Russia’s potential involvement is particularly concerning because Russian hackers are suspected of disrupting Ukraine’s power grid at least twice since 2015. The hackers may be testing methods in Ukraine to prepare for a larger attack on the power grid.
During his speech in Warsaw on Thursday, President Trump called on Russia to “cease its destabilizing activities in Ukraine and elsewhere.” Trump could raise the issue of potential cyberattacks when he meets Russian president Vladimir Putin on Friday, but they have a lot to discuss.