Is Russia Planning an Attack Against U.S. Utilities?

Hackers working for Russia claimed “hundreds of victims” last year in a large, long-running campaign that put them inside the control rooms of U.S. electric utilities, where they could have caused blackouts, Rebecca Smith reported for The Wall Street Journal this week.

In an effort to heighten awareness in this sector, the Department of Homeland Security is offering utility providers a briefing on Russian activity against critical infrastructure. Dates are available for this briefing beginning next week.

While it is not unusual for DHS to offer this type of briefing to private sector energy providers, the need for this round of briefings could be seen as an uptick in concern by U.S. Government officials when viewed in light of the currently strained U.S./Russian relationship and Russia’s long-running history of cyber mischief aimed at power companies.

The hackers, who worked for a Russian state-sponsored group known as Dragonfly or Energetic Bear, claimed “hundreds of victims” in 2017, according to officials at the Department of Homeland Security, the Journal reported.

The report comes amid increasing cyber-tensions between Moscow and Washington. A federal grand jury in the U.S. indicted 12 Russian intelligence officers earlier in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party. (Reuters)

When asked about these reports, Sean Newman, Director of Product Management, Corero Network Security said:

“As the old adage goes, you’re only as strong as your weakest link. And, reports from the US Dept of Homeland Security now suggest this is exactly the situation US utility companies are facing, with respect to alleged nation-state infiltration. In fact, any organization which relies on contractors, for specific services they cannot deliver internally, can find themselves in a similarly compromised situation, however strong their own security practices are. Unfortunately, this is not the preserve of organizations delivering critical national infrastructure, as those at US retailer Target can testify, after their massive data breach, back in 2013, which resulted from the attackers compromising their systems via their HVAC contractor.

“This is a stark reminder that organisations of all types and sizes should assess all aspects of their IT security, including those of their contractors and supply chain, and this doesn’t just pertain to hacking attempts but, also includes their resilience to DDoS attacks, which could impact the ability to provide their regular services, and the knock-on impact that creates.

“As more ICS infrastructures, such as those used by utility companies, are connected to their broader networking infrastructure, the risk will continue to grow.”

Ray DeMeo, Co-Founder and COO, Virsec commented:

“The threat of disruption to our critical infrastructure is very real, as recent attacks in the Middle East and Ukraine have shown. The outcomes may depend on the motivations of the hackers, but recent attacks have included ransoming critical data, service disruptions, or serious damage to control systems and physical equipment.

“The government is raising awareness, but responses need to be more aggressive and coordinated. The focus needs to shift from chasing endless elusive external threats to directly protecting systems from attack in real time.

“Defense strategies need to pivot away from a sole focus on conventional perimeter defenses – the latest attacks have easily bypassed the perimeter. It’s crucial to detect and stop attacks in progress. Vendors need to do more to bridge a wide gap in technology and understanding between IT and OT (operational technology). We are far too dependent on air-gapping as our primary defense, despite the fact that systems are increasingly connected.”

An attack against the U.S. power grid could potentially have devastating results in terms of loss of life as well as a crippling financial effect – so much so that many believe that U.S. retaliation for such a strike would necessarily be so severe that it acts as a deterrent to any potential attack.

Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine