Report: Hackers can now cause blackouts on US electrical grid

Via American Thinker

It was inevitable that someday, hackers would have the ability to exert control over the U.S. electrical grid.  According to the computer security firm Symantec, someday is today.

Hacking attacks over the last several months that targeted U.S. energy companies have been able to gain “operational control” over systems, thus threatening blackouts across the U.S., says Symantec.  The hacker group known as DragonFly 2.0 was able to gain control in at least 20 places, according to the firm.


Wired:

Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. And at a handful of US power firms and at least one company in Turkey – none of which Symantec will name – their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” says Eric Chien, a Symantec security analyst. “We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.”

Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.

Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers’ motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies – including a Kansas nuclear facility – known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.

Chien does note, however, that the timing and public descriptions of the Palmetto Fusion hacking campaigns match up with its Dragonfly findings. “It’s highly unlikely this is just coincidental,” Chien says. But he adds that while the Palmetto Fusion intrusions included a breach of a nuclear power plant, the most serious DragonFly intrusions Symantec tracked penetrated only non-nuclear energy companies, which have less strict separations of their internet-connected IT networks and operational controls.

The first question I would want answered is, if they have that sort of control, why not exercise it?  Why no blackouts or service interruptions in the U.S.?

Hacking Sony or another private business is one thing.  Fooling with our electrical infrastructure is many orders of magnitude more serious.  If a sovereign nation were behind such an event, it would be tantamount to a declaration of war.  Unless the attacking nation was supremely confident that the hack couldn’t be traced back to it, the nation would be unlikely to attempt it.

Causing a blackout in a major urban area would almost certainly result in many deaths.  We know this from previous blackouts in New York City, where the 2003 power outage is estimated to have resulted in 100 deaths.  This would be intolerable, and if the attack could be traced back to Russia or China, it would result in retaliation by the U.S.  We’re no slouches ourselves when it comes to cyber-warfare, and we could almost certainly make any country pay dearly.

But in a time of war, that kind of control over our electrical grid could wreak havoc and sow confusion and fear among the populace.  In the meantime, it would behoove the government to work with industry to harden our systems to prevent that kind of catastrophe.

6 Comments
bluestem
September 9, 2017 9:39 am

I suspect this group of hackers is waiting for a moment of their choosing when electrical disruption in the US can have the most dramatic impact. Time will tell, time will tell. John

Iska Waran, in reply to bluestem
September 9, 2017 10:18 am

The Super Bowl. Right at halftime so no one gets to see Janet Jackson’s shriveled tit or Beyoncé rallying her black supremacist army. The outrage it would cause – coupled with a pint of cheese dip – would cause coronaries throughout the land. The Russians could invade and take our women – if only they wanted them.

MrLiberty
September 9, 2017 10:11 am

As with everything power-related (including government power), decentralization IS SUPERIOR. We are vulnerable as a nation specifically because power from the beginning was pushed in the direction of central control and distribution rather than local production and control. THAT is the reason why “off grid” folks are being attacked, jailed, etc. It is all about control. We as a society put 90+% of our children in the hands of the government every day, we put virtually our entire economy in the hands of the government and their protected “private” cartel of banks, our airlines, our security, our money, etc. and nearly all of it is controlled from Washington DC by 535 unaccountable politicians. Power in ALL forms must come back into our own hands or at least as close as is humanly possible if we are EVER to be truly safe and free again.

Capn Mike
September 9, 2017 10:16 am

How can these systems be connected to the outside world? How idiotic. There’s no excuse for that. There needs to be NO connection to the internet.

Anonymous
September 9, 2017 10:36 am

“If a sovereign nation were behind such an event, it would be tantamount to a declaration of war. Unless the attacking nation was supremely confident that the hack couldn’t be traced back to it, the nation would be unlikely to attempt it.”

Or unless the attacking nation was smart enough to have it traced back to one of its enemies. Like, say, the Ukraine having it traced back to Russia or South Korea having it traced back to North Korea.

GilbertS
September 9, 2017 11:15 pm

I’ve read for years we’ve been infiltrated by a variety of hackers. I forget where I read they found Chinese code embedded in power company computers, creating back doors for the hackers to return and wreak havoc later. I’ve always assumed this was state-supported hackers intended as an additional form of sabotage in case of war. I figure that’s why we shy away from actually doing anything to more powerful states; they have the ability to make it hurt for us. The minute we launch a jet or load a round aimed at, say, Russia, I fully expect their FSB to order their hackers to turn off our entire infrastructure, air traffic control, stock markets, internet, cell phones, etc. The Russians did that to Estonia in 2007. Russian hackers shut down the entire country for several days as revenge for them removing a WWII Russian memorial. The event was so big and scary, NATO established their Cyber Defense Center in Estonia and the event is studied to this day.