Is Russian Hacking of U.S. Nuclear Power Plants a Reality?

New Evidence Points to Russian Hacking of U.S. Power Grid

Russian hacking of the United States’ power grid isn’t just probable, it is already happening.

Hackers recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas. It appears they were searching for vulnerabilities in the electrical grid, likely to be exploited at a later, more critical time. In a related case, hackers also recently infiltrated an unidentified company that makes control systems for equipment used in the power industry. Although none of the security teams analyzing the breaches have linked the work to a particular hacking team or country, the chief suspect is Russia. Why are they the primary suspect? Because Russian hackers have previously taken down parts of the electrical grid in Ukraine across several attacks and seem to be testing more and more advanced methods.

An analysis of one of the tools used by the hackers had the stolen credentials of a plant employee, a senior engineer – likely from a spear-phishing campaign. There have been similar campaigns from the same hackers against targets in Ireland and Turkey as well as “watering hole” attacks meant to infect victims with malware based on their predictable and routine visits to certain websites.

Spend a minute imagining the destruction of a foreign nation or terrorist bringing down a portion of the U.S. electrical grid during the freezing cold of winter, near the control tower for an airport or just prior to launching a military invasion (see what happened in Ukraine).

Here’s the most important thing you need to understand – what has been launched so far are NOT ATTACKS, but preliminary tests. The Russians (or whoever is behind these “penetration tests”) want to know our vulnerabilities before they need to exploit them. They are merely testing the waters, so the absence of a serious event is definitely NOT proof that their efforts are not working. In fact, that is the mistake that many businesses make about cyber security – they wait until AFTER a successful attack on their data to become believers in the need for prevention.

In this case, as in many, the hacker’s first beta strikes are aimed at non-critical business networks – that’s how they come to learn the “language” of that particular power provider. Once they know the patterns, prejudices and back doors of these systems, they begin applying what they’ve learned to mission-critical operational systems. THAT’S HOW THEY TURN OFF THE LIGHTS, ONE TINY STEP AT A TIME.

And that is also the window in which we must solve our weaknesses. The metaphorical shot has been fired across the bow – we KNOW that someone is hacking into our nuclear power grid. But the bomb hasn’t yet landed in one of our neighborhoods. What are you doing to prevent “lights out” in your business? Organizations that have a Best Practice Cyber Security Plan already know how to avoid the dark. 


John Sileo is an an award-winning author and keynote speaker on security awareness training and cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. His body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Investigate Russian Hacking for Security, Not Politics (and get on with governing)

Our national security depends on cyber security, and Russian hacking threatens those defenses. Every day that I come to work, I see an erosion of traditional power structures at the hands of increasing cyber threats. The hacking of Yahoo by Russian operatives and the DNC are two such examples that have potentially shifted the balance of power from our marketplace and political sphere into the hands of Vladimir Putin, Russian cyber criminals and anyone piggybacking on their technology. Now that Roger Stone, an administration advisor, has admitted to contact with the DNC hacker (Guccifer 2.0), the ties are too direct to ignore. But we shouldn’t be doing this for purely political reasons, we should be doing it to clear our President and his administration of wrongdoing so that they can go on about governing the country and implementing their vision. 

If we don’t investigate the potential Russian hacking of the DNC with a thoroughness similar or better than the Yahoo hack, we are as much as admitting defeat in the cyber realm and simultaneously suggesting a coverup for political expediency. This isn’t about a single politician, this is about an entire political system. Cyber IS the new warfare, and we as a nation can acknowledge it now or after it is generally too late (which is what most corporations do). We don’t just need to get to the bottom of administration involvement, we need to get to the bottom of how Russian has inserted itself firmly in the midst of our democracy via hacking, trolling and kompromat (a Russian term for compromised materials, like hacked emails and tax records). 

Here are my recommendations for proceeding to have a neutral investigation of the charges so that we can clear our President and move on to discovering the source or our weakness: 

  1. Name a bipartisan select committee to investigate the alleged Russian hacking of our presidential election and President Trump’s ties to Russia. As they say, sunlight is the best disinfectant, and I’m certain that the administration has nothing to hide. But doing nothing sends exactly the opposite message – one of coverups and collusion for the sake of an election. 
  2. Since both Intelligence Committee Chairmen, Senator Burr and Representative Nunes, have close ties to President Trump, their involvement gives the appearance of bias. Taking a page from the book of Attorney General Sessions, both should recuse themselves from the investigation to eliminate all accusations of impropriety. 
  3. Appoint a well-respected Republican to chair the investigation so that it will be neutral, aggressive and fair. This is the only way to quiet the suspicion of corruption. Again, since the administration has nothing to fear, this is the only way to make the findings credible. To have colluded with Russia in any way would have been political suicide, so let’s prove this conversation false once and for all. 
  4. As part of it’s process, the committee would be wise to review Trump’s tax returns (in a confidential, non-public setting) to dispel any beliefs about his business or financial ties to Russia (of which he has assured us there are none) and extinguish two myths with a single stroke. 
  5. Commission an external, forensic cyber-penetration test to determine where the weaknesses lie within our cyber security so that loopholes can be closed before the next attack. This MUST be an external audit because there is too much at stake to leave this to governmental IT teams just trying to keep their jobs. Like students grading their own papers without oversight, unscrutinized self-assessments are necessarily faulty assessments. 

The end game of this investigation should be apolitical and focused on righting the cyber weaknesses inherent in our national cyber infrastructure.

John Sileo is the award-winning author of Privacy Means Profit (Wiley & Sons), a cyber security expert and a keynote speaker on all topics involving cyber security training. Contact him directly here.

Happy About the Election Hacking of Your Presidential Vote?

Election Hacking Confirmed: The NSA, CIA and FBI have universally concluded that Russian President Vladimir Putin interfered with and  quite possibly changed the outcome of our Presidential election. Regardless of who you voted for, your vote has been hacked. If you are a Clinton supporter, you face the prospect of your candidate having lost the election due to manipulation. If you are a Trump supporter, it’s possible that our future President’s mandate and credibility have been significantly undermined and eroded.

This is a major loss for both sides of the political spectrum – it is a massive loss for America as voiced by politicians both Republican and Democrat. In case you haven’t had time to keep up with the findings of the Director of National Intelligence, here are the nuts and bolts of what the NSA, CIA and FBI agreed on unanimously and with high confidence (a nearly unprecedented occurrence in intelligence history).

As quoted or summarized from the non-partisan report:

  • “Putin ordered an influence campaign aimed at the US presidential election” in order to “undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
  • “Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton.”
  • Putin held a grudge against Clinton because he publicly blamed her for inciting mass protests against his regime in late 2011 and early 2012.
  • “Putin publicly pointed to the Panama Papers disclosure [which implicated many of his wealthy friends and political supporters] and the Olympic doping scandal [which embarrassed him publicly] as US-directed efforts to defame Russia.” [Explanatory emphasis mine]. The hacking of the US election is seen to be a retaliatory effort against those and other perceived slights against his leadership.
  • “Russian intelligence services collected [information] against the US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future US policies.”
  • The GRU [Russian military intelligence] used fake media outlets like to disseminate hacked emails from the DNC, Colin Powell and John Podesta [Clinton’s campaign manager] in a massive traditional media and social media campaign aimed at undermining the Clinton candidacy.
  • Russian media hailed President-elect Trump’s victory as vindication of Putin’s advocacy of global populist movements – the theme of Putin’s annual conference for Western academics in October 2016 – and the latest example of Western liberalism’s collapse.

Trump has continued to downplay and even deny Russia’s role in influencing the election, despite overwhelming evidence from every American intelligence agency. Can you blame him? For Trump to give Russia or Putin credit would be to undermine his own legitimacy and claim to the presidency. After all, who wants to feel like they won the election as a byproduct of someone else cheating on their behalf?

This is where we get to see what Congress is made of. Will they bury the story to protect their new leader and risk the stability and credibility of our country? If not, Putin will have achieved his ultimate goal – significantly weakening our democracy.