United States power systems and other utilities have been under foreign cyberattack for the past few years.
This was only brought to public light last week by the U.S. Department of Homeland Security and the FBI, who jointly released a Technical Alert that U.S. utilities and companies had been subjected to a series of cyberattacks, starting in 2016 (some media reports state that some went back to 2015).
The culprit? According to the report: “Russian government cyber actors”.
This is not the first time the Russian government has assaulted a foreign adversary’s infrastructure. Russia in 2016 is believed to have targeted the Ukraine’s power grid for massive attacks that turned off 20% of the system.
Last week’s Technical Alert states that the Russians targeted in the U.S. “small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks”.
The danger posed was very real.
One target was a nuclear plant near Burlington, Kansas. Other nuclear plants were targeted in both the U.S. and Europe. A range of U.S. power, water and other enterprises were infiltrated.
The New York Times quoted Eric Chien, a security technology director at Symantec, as noting: “We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage.”
Some analysts believe the purpose of this effort was to demonstrate that Russia could do grave damage to U.S. infrastructure – if it chose to do so.
Imagine if tensions were to rise with Russia over the Ukraine, election hacking, or some future issue. Russia could attempt to turn off power plants around the U.S., shut down sewer or water systems randomly and disrupt power distribution in selected regions.
One key player in holding the line to protect U.S. infrastructure from such attacks is the Idaho National Laboratory.
Over 500 INL employees are dedicated to cyber security efforts, with a particular focus on protection of U.S. infrastructure. This aspect is rapidly growing.
INL hosts the Cyber Security Test Bed, a facility for evaluating cyber vulnerabilities. It allows INL to mirror a particular U.S. utility’s control systems to evaluate and respond to attacks.
This report shows that Russia is willing to directly threaten the U.S. public and U.S. industry. Expect the INL to play an ever-growing role in fending off such attacks in the future.
Last week’s report was interesting in that the Trump administration had been low-key with respect to Russia until last week. Trump had drawn some fire for dragging his feet in implementing the bipartisan sanctions against Russia pushed by Idaho Sen. Mike Crapo and passed by the U.S. Congress.
That may be changing.
Around the time the report was released, Trump himself last week backed British Prime Minister Theresa May on her claim that the Russians had used nerve gas to attack an expatriate and his daughter on a bench in Britain.
Don’t be surprised if the Trump administration and Congress push more resources into cybersecurity for infrastructure efforts, boosting INL’s importance on this issue.