Posted on July 25, 2018 at 3:45 PM
The Department of Homeland Security in the U.S. recently warned that a Russian state-sponsored group, identified as Dragonfly or Energetic Bear, could have gained access to the control rooms of electric utilities and caused blackouts. They said the campaign likely is ongoing, according to an article in the Wall Street Journal.
The chilling thought is that many of these companies would not know whether their cybersecurity has been compromised. It seems that the attackers infiltrated utility networks by using the credentials of actual employees, theoretically making the intrusions more difficult to detect. The DHS withheld the names of victims during the press briefing but admitted that there could have been hundreds of targets in recent months.
DHS is conducting several briefings to try to get more cooperation from industry. It is important for them to know if there are new infections, and whether perpetrators have figured out ways to defeat security improvements like multifactor authentication. It is very realistic that these attacks could be automated in the near future, according to Jonathan Homer, chief of industrial-control-system analysis for DHS. According to his statement, the cyber attack had already started in 2016 and escalated throughout 2017. “They got to the point where they could have thrown switches,” he said.
They began by using spear-phishing emails and watering-hole attacks, tricking unsuspecting victims into entering their passwords on spoofed websites. Once in, they were able to compromise the corporate networks of suppliers, gain direct access to utility networks and steal confidential information. Many of these vendors are small companies that do not have sufficient budgets for cybersecurity.
But why is this important to consumers? Once the hackers understand how utility networks are configured, how equipment is controlled and how these facilities are supposed to work, they can cause disruptions, said Mr. Homer. Utility engineers will not be able to prevent substantial damage and potentially lengthy blackouts. For the public, it basically means that these hackers can cause havoc. Imagine having to do without electricity for days or even weeks!
America in cyber war
Mike Rogers, a member of MITRE’s board of trustees and former House intelligence committee chairman, believes that America is in a cyber war and that Americans are ignorant of that fact.
“America is in a cyber war. Most Americans don’t know it,” says Mike Rogers, member of MITRE’s board of trustees & former House intelligence committee chairman, at the Washington Post’s #Cyber #202Live pic.twitter.com/7iXk2HfM4A
— MITRE (@MITREcorp) July 20, 2018
Cyber attacks on electrical systems are not fresh news. It is believed that the Russians had already hacked into Ukraine’s grid in 2016, causing disruptions there. The US Department of Energy warned last year that the U.S. grid is in danger from cyber attacks. It also launched a joint strategy with its Canadian counterparts to strengthen the security of shared infrastructure.
Trump administration struggling
Recently, US President Donald Trump signed an executive order to improve the cybersecurity of critical infrastructure, including utility grids like electricity and water. Financial, healthcare and telecommunications systems also form part of the order. In the midst of all of this, Trump is still trying to distance himself from the 2016 rumors of Russian influence in the elections.
Last week he once again had to deny these allegations. A recent article in the Washington Post mentions that the White House is not giving direction to a concerted national cyber strategy, so much so that the NSA and the Cyber Command are following their own strategies and are supported by the CIA, Homeland Security and the FBI.