U.S. officials say Russian government hackers have penetrated energy and nuclear company business networks
Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies in what appears to be an effort to assess their networks, according to U.S. government officials.
The U.S. officials said there is no evidence the hackers breached or disrupted the core systems controlling operations at the plants, so the public was not at risk. Rather, they said, the hackers broke into systems dealing with business and administrative tasks, such as personnel.
At the end of June, the FBI and the Department of Homeland Security sent a joint alert to the energy sector stating that “advanced, persistent threat actors” — a euphemism for sophisticated foreign hackers — were stealing network log-in and password information to gain a foothold in company networks. The agencies did not name Russia.
The campaign marks the first time Russian government hackers are known to have wormed their way into the networks of American nuclear power companies, several U.S. and industry officials said. And the penetration could be a sign that Russia is seeking to lay the groundwork for more damaging hacks.
The National Security Agency has detected specific activity by the Russian spy agency, the FSB, targeting the energy firms, according to two officials. The NSA declined to comment. The intrusions have been previously reported, but the attribution to Russia by U.S. officials has not.
The joint alert from the FBI and DHS, first reported by Reuters on June 30, said the hackers have been targeting the industry since at least May. Several days earlier, E & E News, an energy trade publication, had reported that U.S. authorities were investigating cyber-intrusions affecting multiple nuclear-power-generation sites.
The malicious activity comes as President Trump and Russian President Vladimir Putin on Friday acknowledged “the challenges of cyberthreats” and “agreed to explore creating a framework” to better deal with them, including those that harm critical infrastructure such as nuclear energy, according to Secretary of State Rex Tillerson in remarks to reporters. On Saturday, Putin told reporters that he and Trump agreed to set up a working group “on the subject of jointly controlling security in cyberspace.”
The Russian government, which is the United States’ top adversary in cyberspace, targeted U.S. infrastructure in a wide-ranging campaign in 2014.
Moscow has demonstrated how much damage it can do in other countries when it goes after energy systems.
In December 2015, Russian hackers disrupted the electric system in Ukraine, plunging 225,000 customers into darkness. Last December, they tested a new cyberweapon in Kiev, the Ukrainian capital, capable of disrupting power grids around the world.
The recent activity follows the U.S. intelligence community’s conclusion that the Kremlin was behind a campaign to interfere with the 2016 election through hacking and information warfare. Putin has denied such meddling.
The working group that is being set up will also address “how to prevent interference in the domestic affairs of foreign states, primarily in Russia and the U.S.,” Putin said.
The U.S. officials all stressed that the latest intrusions did not affect systems that control the production of nuclear or electric power.
“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the DHS and FBI said in a joint statement Friday.
One nuclear power company that was penetrated, Wolf Creek Nuclear Operating Corp. in Kansas, issued a statement saying that “there has been absolutely no operational impact to Wolf Creek.” The reason is that the plant’s operational computer systems are completely separate from the corporate network, spokeswoman Jenny Hageman said. “The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the Internet,” she said.
In general, the nation’s 100 or so commercial nuclear power plants are safer from cyberattack than other energy plants because they isolate their control systems from the open Internet, said Bill Gross, director of incident preparedness at the Nuclear Energy Institute.
According to U.S. officials, fewer than a dozen energy companies, including several nuclear energy firms, were affected by the latest Russian cyber-reconnaissance campaign.