US Officials: Russian Hackers Targeting Nuclear Facilities

On the day that Donald Trump had his first sit-down meeting with Russian President Vladimir Putin, reports have surfaced that nation-state hackers from the land of the bear have been targeting American nuclear facilities.

A report from the FBI and the US Department of Homeland Security obtained by the New York Times warned that an APT group has been targeting US energy facilities—including nuclear power plants—for the past two months. The targets include the Wolf Creek nuclear plant in Kansas. Attacks are focused on the human link, with most consisting of phishing attempts and watering-hole attacks. The perpetrators appear to be mapping networks in an intelligence-gathering effort for future attacks as well as probing for vulnerabilities.

The news adds to concerns raised by recent attacks on energy infrastructure in Ukraine.

"We have overall security hygiene issues as a country; critical infrastructure technology has been ignored for too long, and now we’re seeing the repercussions of that complacency,” said Mike Kail, CTO at Cybric, via email. “Companies need to rapidly adopt a much more continuous security strategy, along with a robust disaster recovery plan that gets tested frequently. My fear, much like the FBI and Department of Homeland Security report concluded, is that hackers are picking on relatively easy targets to rapidly gain knowledge on how to launch similar attacks against other countries (and corresponding critical infrastructure)."

The targets in question said that they have taken significant steps to isolate their ICS/SCADA environments from the general computing infrastructure, which would make a remote attack on the stations themselves significantly more difficult, even for a well-funded attacker. And so far, it appears that hackers have been able to gain access to administrative networks but not actual ICS systems. Nonetheless, the payoff for infiltration will likely keep them trying.

"Our electrical grid might be the single most important piece of technology that we need to protect – if you think about it, virtually every single facet of our lives today is entirely reliant on the ability of our countries to provide uninterrupted electric power,” said Richard Henderson, global strategist at Absolute Software, told Infosecurity. “Our entire world would quickly grind to a halt without power. We should not be surprised to learn of these targeted attempts by advanced attackers on our power stations; in fact, we should appreciate that this is the new reality of widescale interconnectivity and just how far the internet has reached in the past couple of decades.”

As far as attribution, current and former US officials told Bloomberg that Russia is the chief suspect: “The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies.”

While at the time of this writing the White House had yet to issue a statement on what exactly was covered in the Putin-Trump meeting, Secretary of State Rex Tillerson told reporters that the US president “pressed” Putin several times on Russia’s involvement in the 2016 election-season hacking. Further details have not yet been forthcoming, but the upshot is unlikely to be surprising. Putin has long denied involvement, going so far as to say the perpetrators were private-citizen “patriots.”
