It is now beyond reasonable doubt that the United States is under consistent digital attack by foreign hacking groups linked to hostile governments.
This year cybersecurity company Symantec has linked a Russian hacking group, known by the pseudonyms “Dragonfly” and “Energetic Bear”, to dozens of hacking attempts on energy companies and nuclear power plant operators.
Fifty of those targeted were U.S. companies and power plants.
The groups have previously been tied to the Russian government. This raises the question: how involved is the Russian government in this series of cyber attacks, and what is the underlying motive?
A possible answer could lie in the ongoing conflict in Ukraine. Kremlin-linked hacking groups have twice successfully caused blackouts thanks to sophisticated attacks, and it now appears that they are exploring that strategic option against the United States.
The Symantec report states:
The original Dragonfly campaigns now appear to have been a more exploratory phase where the attackers were simply trying to gain access to the networks of targeted organizations. Now the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future.
It cannot be overstated how grave a disruption to the U.S. power grid could be. Millions of dollars in revenues would be lost across the board, not to mention the disruption to key services such as transport, utilities and hospitals.
Luckily it seems that these hackers haven’t been able to gain access to control equipment in most cases, but rather have been gathering intelligence on potential targets.
However, in the cases where they did gain access to control equipment, their subsequent actions have been particularly worrying. Vikram Thakur, the technical director at Symantec, stated:
The ones where the attackers were able to get on the operational side of the house were the scariest to us. We’ve seen them get on these operational computers and start taking rapid-fire screenshots. Some would show maps of what’s connected to what.
These actions bear the hallmarks of the planning stage of an operation to cause significant disruption to power networks.
Robert Lee, CEO of Dragos, an industrial cyber security firm, is slightly less worried:
It is very concerning to see threat actors targeting the U.S. energy sector but we have to be very careful in assuming adversary intent and motivations… We’ve seen no indication that there’s an ability to take down infrastructure. Of course, we don’t want them to have that option.
Even if they don’t have the ability to affect the U.S. power grid, the fact that they’re actively conducting reconnaissance is indicative of future intentions.
Alongside attacking energy networks, hackers have also been conducting sophisticated phishing campaigns against key engineers and technicians in the industry. Such attacks take the form of a malicious e-mail designed to look like a party invitation or some other innocuous content.
Another method in the hackers’ toolkit is malicious code planted on industry journal websites and magazines frequented by energy engineers. This code can install malware that captures key data such as login details, which could later be used to gain access to key systems.
One of the key systems that could be targeted is SCADA, or Supervisory Control and Data Acquisition. This is essentially the electronic nervous system that allows industry employees to remotely monitor and control important equipment such as pumps, motors, relays and valves that underpin modern infrastructure.
Cyber security experts have been warning for years that such systems were susceptible to attack, and in 2015 this threat materialized when a hacking operation known as Sandworm successfully took a Ukrainian power plant offline, causing major blackouts that left 225,000 people without electricity.
Thankfully the United States’ security agencies are far more comprehensive than Ukraine’s, and the consequences of an attack on the United States are far graver, but this doesn’t eliminate the possibility that the United States could suffer from a similar digital assault.
With the relationship between President Donald Trump’s administration and the Russian Government under increasing strain over the closure of Russian diplomatic missions in the U.S., it’s possible that the Kremlin might consider a hack (or the threat of a hack) against the U.S. power grid a viable strategic option to get what it wants.
Naturally, this would all be done by the various hacking groups directed but not controlled by the Kremlin, giving the Russians some deniability and avoiding a world conflict.
It’s time that the Trump administration took the Russian threat seriously. Trump’s admiration of Putin can only go so far.