DHS Reportedly Warns that Russians Hacked Control Rooms
Department of Homeland Security (DHS) officials have again reportedly said that Russian hackers could have infiltrated power plant control rooms and caused blackouts last year.
The continuing cyber threat campaign may be spearheaded by a state-sponsored group known as Dragonfly or Energetic Bear, the Wall Street Journal reported on July 23. The attacks claimed “hundreds of victims” and “got to a point where they could have thrown switches,” Jonathan Homer, chief of industrial-control-system analysis for DHS, told the newspaper.
The DHS in October 2017 provided a cursory profile of Dragonfly and its distinct tactics. The group has reportedly stepped up cyberattacks aimed at severely crippling operations in the European and North American energy sectors. The DHS lists the threat under “reported Russian military and civilian intelligence services,” along with BlackEnergy, Energetic Bear, and Havex. Power plant cybersecurity experts told POWER that the campaign appears to be specifically targeting operational technology (OT), likely with intent on gathering specific intelligence on operational networks and the technologies they can use to plan future attacks.
In March 2018, the DHS issued its first dire warning that Russian government cyber threat actors have infiltrated workstations and servers of corporate networks containing data output from industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems associated with an unnamed number of power plants. That warning was part of a technical alert jointly released with the FBI providing information on the compromises as part of a multi-stage intrusion campaign carried out by Dragonfly.
The U.S. government has since stepped up its role in protection of critical infrastructure against the surge of growing—and evermore insidious—cybersecurity threats.
In May, the Department of Energy released a multiyear strategy to help industry “gain an upper hand” in the fight against cybersecurity. In June, the Treasury Department slapped sanctions on five Russian firms and three Russian individuals for several “significant” malicious cyber-enabled activities, including cyber intrusions in the U.S. energy grid, though it declined to provide details on the nature of those intrusions.
Concerned about a gap in information about attempted cyber-intrusions, on July 19 the Federal Energy Regulatory Commission ordered the North American Electric Reliability Corp. to broaden, within six months, its Critical Infrastructure Protection (CIP) reliability standards to include mandatory reporting of cybersecurity incidents that could harm the bulk electric system.
Also on July 19, the National Cybersecurity and Communications Integration Center (NCCIC)—the DHS’s hub created to encourage coordination between government agencies and the private sector—launched a series of webinars on Russian government cyber activity against critical infrastructure. The first one was held on Monday, July 23; others are scheduled on July 25, July 30, and August 1. Attendees may only access the webinar as guests on the day of each event.
The DHS also plans to host a National Cybersecurity Summit on July 31, 2018, in New York City. The summit will bring together “a broad group of representatives from across government including officials from Department of Defense, National Security Agency, Federal Bureau of Investigation, Department of Energy, and Department of Treasury,” the agency said last week. “They will be joined by academia and industry CEOs across sectors including telecom, financial, and energy to lay out a vision for a collective defense model to protect our nation’s critical infrastructure. Through panels, keynote addresses, and breakout sessions, the summit will serve as a launching point for a number of DHS initiatives to advance cybersecurity and critical infrastructure risk management.”
—Sonal Patel is a POWER associate editor (@sonalcpatel, @POWERmagazine)
The post DHS Reportedly Warns that Russians Hacked Control Rooms appeared first on POWER Magazine.