Well, here’s some electrifying news. At a forum for cyber researchers in Washington DC today, representatives of threat intelligence firm FireEye made clear that the US power grid, while strong and well-defended, is nevertheless the subject of continued, ongoing probes from Russian hackers. FireEye analyst Alex Orleans put it this way, in comments reported by Wired: “There’s still a concentrated Russian cyber espionage campaign targeting the bulk of the US electrical grid. The grid is still getting hit.”
That report goes on to identify the group behind this effort by the names it is tracked under: TEMP.Isotope, Dragonfly 2.0 and Energetic Bear. The group apparently relies on a combination of off-the-shelf hacking tools and techniques as well as at least one custom-made system backdoor, though the US has solid defenses, including resilience standards in the form of the North American Electric Reliability Corporation Critical Infrastructure Protection requirements. “These,” according to the Wired report, “created minimum baselines for defending against and dealing with natural disasters, but also promoted best practices for network defense, including two-factor authentication, network segmentation, data storage protections, and strict access controls for both network owners and third-parties.”
So that’s good. But at the same time, not every piece of the grid is up to those standards yet. Some entities, for example, are subcontracted to deliver power at the local level and don’t yet have defenses that robust. And while that may sound worrisome, the implication here is not necessarily that the US is in imminent danger of hacker-triggered power shutdowns or blackouts. These seem to be more intelligence-gathering operations, for now. Still, efforts like these gum up the works. It takes time and resources to monitor them and build up defenses against hackers from Russia (as well as Iran and North Korea, though the power grid probes appear to be coming mostly from Russia, at least according to this piece). And that’s effort and resources that could have been spent on other things.
Continues Wired: “If you can sow discord, confusion, and fatigue, you can attack an adversary by frustrating them rather than by masterminding an all-out physical assault. And though grid hacking may not have yet reached a boiling point in the US, the FireEye researchers warn that consistent probing should be taken as seriously as dramatic attacks.”
The piece ends with this ominous-sounding comment from Orleans, who says he thinks that “we likely haven’t fully uncovered the extent to which (the Russians) have gotten into the wires.”