The Russians Hacked A U.S. Power Grid During The Holidays, And Few Noticed
BURLINGTON, Vt. — Malware used by Russian hackers has been detected in a Vermont power company’s computer, and at least one cybersecurity expert says the incident is not “happenstance.”
The concern is that hackers could take down the power grid, either regionally or nationally, with the click of a mouse. Ted Koppel’s 2015 book Lights Out warned that a major cyberattack could leave the power grid down for weeks or months.
“We have been monitoring RIS (Russian civilian and military intelligence Services) activities for some time and what we know is that the Vermont utility hack is part of a sophisticated and ongoing advanced persistent threat campaign by Russian cyber operatives to profile vulnerabilities in the U.S. power grid,” Darin Anderson, the chief executive of the trade group CyberTECH, told The San Diego Tribune.
The unidentified malware was detected in a laptop at the Burlington Electric Department on Dec. 29 following an alert by the Department of Homeland Security (DHS), according to a press release by the utility department. The same malware code has been used by a group of hackers called Grizzly Steppe.
Grizzly Steppe was one of the groups accused of hacking the Democratic National Committee during the presidential campaign.
“We acted quickly to scan all computers in our system for the malware signature,” said Mike Kanarick, director of customer care, community engagement and communications with the Burlington Electric Department. “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”
The code was found just days after suspected Russian hackers managed to shut off one-fifth of the power in Ukraine’s capital city of Kiev.
Todd O’Boyle, chief technology officer of the security firm Percipient Networks in Wakefield, Mass., told the Tribune that “organizations don’t just get targeted based upon happenstance.”
“If this was the Russians, they are there for a reason,” he said. “They want something. Maybe it’s how to build better power grids. Maybe it’s preparing for a catastrophic attack. Maybe the target is a hopping point to their real destination.”
Intelligence officials are so concerned about Russian hacking that they alerted executives from the financial, utility, transportation and other essential industries, The Washington Post reported. The hope was to help industry IT experts detect malware.
“As a security practitioner, one of the top concerns I have is a successful attack against our critical infrastructure such as power grids, water systems, transportation systems, etc.,” Gary Davis of the California-based Intel Security told the Tribune. “Homeland Security has identified 16 critical infrastructure sectors. A successful attack on any one could have substantial and long-term consequences.”
“We’ve already seen successful cyber-attacks in some developing countries and the closer connected devices come in mass to critical infrastructure the greater the chance of a successful attack,” Davis said. “In fact, reading the article reminds me of a discussion I had with the United Nations earlier this year. After a presentation I had given there about the threat landscape especially as it relates to the Internet of Things or IoT, a couple of its representatives pulled me aside and told me that several of its member nations’ biggest concern is that a teenager could take down the country’s critical infrastructure.”
Mark Weatherford, the chief cybersecurity analyst for vArmour, told the newspaper that “if you did a 100-percent sampling of utilities, you would probably find a lot of this activity.”