The Trump administration accused Russia on Thursday of orchestrating a campaign of cyberattacks that targeted the U.S. power grid.
Since at least March 2016, Russian hackers attempted to infiltrate numerous sectors of American infrastructure, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a Department of Homeland Security report published on Thursday. The announcement came as the White House imposed sanctions against 19 Russians and five entities for allegedly interfering in the 2016 U.S. presidential election and other cyberattacks. Even though they never went that far, Russian actors gained the ability to disrupt or completely shut down power plants and other critical infrastructure in the U.S., says Robert Lee, CEO of the cybersecurity company Dragos. "The American power grid and the infrastructure owners and operators have been aware of it and are addressing it for the last year or so, but it's obviously increasing in frequency ... to the point that the government has decided to come out and say something publicly about it," he tells Here & Now's Peter O'Dowd.
The DHS report referred to an investigation by American cyber security firm Symantec last fall that found a group it named Dragonfly had broken into the core operations systems of energy companies in the U.S. and Europe. The hackers, which Symantec did not publicly name at the time, used phishing emails to gain access into the organizations.
The U.S. decision to publicly accuse Russia was "unprecedented and extraordinary," Amit Yoran, a former U.S. official who founded DHS's Computer Emergency Response Team, told Reuters. "I have never seen anything like this."
While Lee says the American electric power grid is resilient, there is still cause for concern in other energy sectors.
"This team is stealing the type of information that would be required to go down that path of doing disruption," he says. "And I think we must take it extremely seriously because of the attacks in Ukraine."
Lee says the tactics outlined in the DHS report are remarkably similar to those employed by Russia when it took down parts of Ukraine's electrical grid in 2015 and 2016. In the second attack, Russian hackers employed malicious software to carry out a fully automated assault on the power grid in Kiev. "It could have been done, for instance, on more than one grid company at a time," Andy Greenberg, senior writer at Wired, told Fresh Air last year. "It could have caused 10 or 15 different utilities to go out simultaneously. It could be adapted to work outside of Ukraine." But it turns out that the U.S. almost did the same thing it is now accusing the Russians of doing. The U.S. government allegedly planned to infiltrate the Iranian power grid if the nuclear deal fell through in 2015.
Lee says this highlights how the U.S. has prioritized offensive capabilities over defense of critical infrastructure. One reason for this is because the government does not own infrastructure, private companies do.
"So the government right now is struggling with how do we make sure that we maintain national security of our critical infrastructures, but at the same time stay out of the way of private sector who is actually responsible for most of the innovation," he says. Copyright 2019 NPR. To see more, visit https://www.npr.org.
Your support matters.
You make MPR News possible. Individual donations are behind the clarity in coverage from our reporters across the state, stories that connect us, and conversations that provide perspectives. Help ensure MPR remains a resource that brings Minnesotans together.