New Evidence Points to Russian Hacking of U.S. Power Grid
Russian hacking of the United States’ power grid isn’t just probable, it is already happening.
Hackers recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas. It appears they were searching for vulnerabilities in the electrical grid, likely to be exploited at a later, more critical time. In a related case, hackers also recently infiltrated an unidentified company that makes control systems for equipment used in the power industry. Although none of the security teams analyzing the breaches have linked the work to a particular hacking team or country, the chief suspect is Russia. Why are they the primary suspect? Because Russian hackers have previously taken down parts of the electrical grid in Ukraine across several attacks and seem to be testing more and more advanced methods.
An analysis of one of the tools used by the hackers had the stolen credentials of a plant employee, a senior engineer – likely from a spear-phishing campaign. There have been similar campaigns from the same hackers against targets in Ireland and Turkey as well as “watering hole” attacks meant to infect victims with malware based on their predictable and routine visits to certain websites.
Spend a minute imagining the destruction of a foreign nation or terrorist bringing down a portion of the U.S. electrical grid during the freezing cold of winter, near the control tower for an airport or just prior to launching a military invasion (see what happened in Ukraine).
Here’s the most important thing you need to understand – what has been launched so far are NOT ATTACKS, but preliminary tests. The Russians (or whoever is behind these “penetration tests”) want to know our vulnerabilities before they need to exploit them. They are merely testing the waters, so the absence of a serious event is definitely NOT proof that their efforts are not working. In fact, that is the mistake that many businesses make about cyber security – they wait until AFTER a successful attack on their data to become believers in the need for prevention.
In this case, as in many, the hacker’s first beta strikes are aimed at non-critical business networks – that’s how they come to learn the “language” of that particular power provider. Once they know the patterns, prejudices and back doors of these systems, they begin applying what they’ve learned to mission-critical operational systems. THAT’S HOW THEY TURN OFF THE LIGHTS, ONE TINY STEP AT A TIME.
And that is also the window in which we must solve our weaknesses. The metaphorical shot has been fired across the bow – we KNOW that someone is hacking into our nuclear power grid. But the bomb hasn’t yet landed in one of our neighborhoods. What are you doing to prevent “lights out” in your business? Organizations that have a Best Practice Cyber Security Plan already know how to avoid the dark.
John Sileo is an an award-winning author and keynote speaker on security awareness training and cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. His body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.