Cyberattacks Raise Alarm for U.S. Power Grid
Experts believe Russian hackers linked to the DNC breach are also behind attacks on utilities in Ukraine and the U.S., leaving the domestic power grid exposed
Cyberattacks that have knocked out electric utilities in Ukraine, including one suspected hack earlier this month, have renewed concern that computer criminals could take down portions of the U.S. power grid.
That fear was underscored this week when senior administration officials said that teams of Russian hackers have “targeted critical infrastructure even beyond what they did” with political organizations in an attempt to interfere in the U.S. presidential election.
The Obama administration on Thursday announced sanctions that include expelling about three dozen Russians. Meanwhile, the FBI and Homeland Security said in a report that malicious Russian cybercampaigns continued after the election and a senior official said “Russia is not going to stop.”
A team of Russian hackers that has been linked to this year’s cyberbreach of the Democratic National Committee was also behind a successful attack in 2015 on three different utilities in Ukraine that caused unprecedented blackouts, according to government and independent security experts.
The same group is thought by those experts to be behind successful cyberattacks on several U.S. energy companies in 2014 that gave the hackers access to company industrial control networks.
In mid-December, Ukraine’s capital city of Kiev suffered another partial power outage when a high-voltage electric substation turned off under suspicious circumstances.
“We’re 99% sure that it was a hacker,” said Vsevolod Kovalchuk, chief executive of Ukrenergo, the utility that operates the backbone of Ukraine’s power transmission network.
Shortly before midnight on December 17, someone started disconnecting circuit breakers through remote means until the electrical substation was completely disabled, Mr. Kovalchuk said.
Utility employees re-energized the substation by manually restoring equipment to its “on” position. Substations are linchpins in all power grids because they control voltage levels and direct the flow of electricity down power lines.
Mr. Kovalchuk said he believes the latest attack was well planned because the targeted substation is one of the utility’s most automated. An official investigation could take another week but should identify the perpetrator and malware, he said.
American officials believe a cybercampaign against the U.S. energy industry in 2014 resulted in at least 17 companies’ systems being penetrated, including four electric utilities. Their identities aren’t publicly known. The U.S. power grid is a gigantic system of interconnected electric networks, which means successfully taking down one or more utilities could destabilize larger areas of the grid.
The U.S. Department of Homeland Security has said the attackers in the 2014 blitz were able to steal data and gain private network access, which could allow them to remotely adjust equipment settings.
A recent report by FireEye, a Silicon Valley cybersecurity company, said the Russian group has evolved its malware to use “flexible and lasting platforms indicative of plans for long-term use.”
Russia’s embassy press office in Washington, D.C., didn’t respond to requests for comment, but in the past officials have denied state involvement in hacking.
Frank Cilluffo, a former homeland security adviser during the George W. Bush administration, said such brazen attacks signal a cyber Cold War has broken out. “We need to raise the cost and consequence” of these acts, he said.
Officials at the Department of Homeland Security declined to comment beyond Thursday’s briefing.
The team that is believed to have attacked U.S. and Ukrainian energy companies used malware dubbed BlackEnergy, which functioned like a propped-open door that allowed them to conduct lengthy reconnaissance.
“Russia is the most capable cybersecurity adversary we have,” said Keith Smith, vice president of threat intelligence at Root9B, a network security company. “They penetrated the DNC with a module strikingly similar to BlackEnergy.”
U.S. officials believe the cyberattack of Ukraine’s power grid started in March 2015 as a “spear-phishing” foray in which emails to utility employees appeared to contain information on military mobilization. Workers who clicked on boxes to “enable macros” infected their computers with the malware. Once the hackers established a beachhead, they prowled around company networks and eventually stole the credentials needed to gain access to utilities’ operations.