Russian Energy Sector Hacking: What You Need To Know

(Photo Credit: Tony Webster, Flickr Creative Commons)

The US Department of Homeland Security and the FBI issued a joint alert that the Russian government has targeted the American energy sector with a series of cyber attacks.

“DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” the alert says. “After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to industrial control systems.”

American officials and private security experts view the cyber attacks as a signal that Russians could disrupt critical facilities in the United States and Europe in the event of a conflict, the New York Times reported.

Here’s what you need to know:

• Russian government cyber actors have targeted critical infrastructure sectors in the United States since March 2016, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors, according to the alert.
• Computer screenshots released by the Department of Homeland Security last week demonstrate that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants, according to the New York Times.
• A Symantec report from last October showed a sophisticated attack on the Western energy sector by a group that “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”
• At least one nuclear plant was targeted, but the operating systems at nuclear plants tend to be legacy controls lacking digital control systems that can be exploited by hackers, Bloomberg reported.

Last summer federal government partners informed energy grid operators in North America about a threat targeting energy and critical manufacturing sectors, and released potential indicators of compromise, says Edison Electric Institute vice president of security and preparedness Scott Aaronson.

The EEI, which represents all US investor-owned electric companies, says it has been working across the sector and with government partners on protecting the grid from both cyber and physical security threats.

“Following the announcement of sanctions against Russian government cyber actors, the Electricity Information Sharing and Analysis Center provided additional indicators and other technical data to ensure electric companies in North America are prepared to protect and defend their networks,” Aaronson continued. “This information sharing is representative of the strong industry-government partnership which exists through the Electricity Subsector Coordinating Council, and is vital to guarding the energy grid from all possible threats.”

The threat is real. As Nicole Perlroth and David E. Sanger point out in the New York Times, a series of cyber attacks against the Ukraine last June paralyzed the country’s government agencies and financial systems.

As the threat of cyber attacks increases, there are several steps that energy managers can take. They include deploying redundancies, staying educated about infrastructure security and resilience, and using technologies that lessen the effects of an attack.

The 3rd Annual Environmental Leader & Energy Manager Conference takes place May 15 – 17, 2018 in Denver. Learn more here.