The Kansas-based Wolf Creek Nuclear Operating Corp. was one of the nuclear-power companies that was hacked.
U.S. government officials have concluded that Russian government hackers were indeed behind recent infiltrations of the business systems of nuclear power plants and other energy companies in the U.S., according to a Washington Post report published Saturday night. The cyber-reconnaissance breaches appear to have been limited to computer networks related to business and administrative work at less than a dozen companies, and there is no evidence that the computer systems that control those companies’ power plants were ever at risk. Regardless, the intrusions are the first to get successfully into American nuclear-power companies, and they seem to indicate a willingness on the part of Russia to target the U.S. energy system or at least to probe it for weaknesses in preparation for a future cyberattack.
The intrusions themselves had been previously reported and seem to have been underway since at least May. A warning had gone out to the U.S. energy sector from the FBI and Department of Homeland Security late last month, but the perpetrators have only recently been linked to the Kremlin. The hacking method involved spearphishing and “watering hole” techniques to gain company employees’ log-in and password data.
Energy companies have good reason to be worried about any such mischief: Russian hackers are suspected of having been behind the successful disruption of power networks in Ukraine both last December, causing a blackout in Kiev, and in December 2015, leaving 225,000 without power for up to six hours. The Russian government has previously targeted U.S. infrastructure computer systems in 2014, and last year sought to disrupt and hack the U.S. presidential election, according to intelligence officials.
The Post adds that most of America’s nuclear power plants are relatively safe from cyberattacks because the plants are completely cut off from the internet. Electric power plants are more vulnerable. The same hackers behind these recent attacks have been active throughout the world since 2015 at least, targeting energy and industrial firms in Turkey and Ireland as well, according to cybersecurity analysts.
At a meeting between President Trump and Russian president Vladimir Putin at the G20 on Friday, the two leaders discussed forming some kind of shared cybersecurity unit, though it is far from clear how this would prevent future Russian cyberattacks or why Trump would even consider such an idea.