U.S. officials said Russian government hackers have broken into systems at U.S. nuclear power plants and also have made cyber intrusions into the business systems of other energy companies, according to several reports over the past week.

Cybersecurity experts say the threats against U.S. facilities are real and likely to continue, as power plant operators work to make their plants more secure against such attacks.

“In the U.S. there are regulations in place that [say] critical assets have to be protected against cyberattack. Those systems have to be isolated,” said Edwin Lyman, senior scientist with the Global Security Program at the Union of Concerned Scientists, a nonprofit group of scientists and engineers that works on global issues including nuclear power. “In this case, [the hackers] were only able to penetrate business and administrative systems, but there are opportunities for other systems to be compromised.

“Many U.S. nuclear plants are old, and still analog … there aren’t any digital control systems available to sabotage,” Lyman told POWER on July 10. “But these systems are not completely impervious to attack. There are still ways to cause havoc. It would be shortsighted to think otherwise. We need to have a broader view of what an attack could be.”

The Washington Post on July 8 reported that U.S. officials said there is no evidence the hackers were able to control or disrupt power systems, but rather were accessing things such as personnel files and information about business operations.

The New York Times said a joint report recently issued by the FBI and the Department of Homeland Security (DHS) carried an urgent amber warning, the second-highest rating for the severity of the threat. The Times said that report specifically mentioned that one of the companies targeted was the Wolf Creek Nuclear Operating Corp., which operates a nuclear plant near Burlington, Kansas.

The Wolf Creek Generating Station, a nuclear plant near Burlington, Kansas, was targeted by Russian hackers in a cyberattack, according to U.S. government officials. Courtesy: NRC

No Threat to Public Safety

The DHS in a statement Friday said there is no threat to public safety. The agency did not identify any of the facilities targeted. If a U.S. nuclear facility was impacted by a cyberattack, a publicly available report would have to be made to the Nuclear Regulatory Commission.

Reuters reported that the joint report from Homeland Security and the FBI, sent to energy companies at the end of June, said that “advanced, persistent threat actors,” a term generally used to describe sophisticated foreign hackers, had been using stolen log-ins and passwords to intrude on company networks. At the time, Russia was not identified as the source of the attacks.

David Campbell, chief information security officer and vice president of information technology with SendGrid in Boulder, Colo., told POWER on July 10 that “In short, the main issue with critical infrastructure such as the nuclear grid is that they use SCADA (supervisory control and data acquisition) systems that were never intended to be connected to the Internet. As such, when such systems are connected to the Internet, they are difficult to secure and are prone to compromise. Even well-hardened critical infrastructure systems [such as default passwords changed, software patched] are susceptible to social engineering attacks [sometimes called spear phishing] perpetrated against the operators of these systems.”

Foreshadowing a Larger Cyberattack

U.S. and energy industry officials told the Post this is the first time to their knowledge that Russian government hackers have accessed the networks of U.S. nuclear plants. Officials are concerned it could foreshadow a larger cyberattack. Reports said the National Security Agency (NSA) has found specific activity by the FSB, the Russian spy agency, targeting energy companies, although the NSA has not commented on the reports.

The Post report came just after President Donald Trump and Russian President Vladimir Putin, in a July 8 meeting at the G20 summit in Hamburg, Germany, agreed to set up a bilateral group to work on cybersecurity. Putin said the group’s purpose would be to “prevent interference in the domestic affairs of foreign states, primarily in Russia and the U.S.” U.S. intelligence officials earlier this year said Russia interfered in the 2016 U.S. presidential election, although Putin has continually denied any interference.

Trump late on July 9 said his discussion with Putin about working together on cybersecurity “doesn’t mean I think it can happen.”

Russian hackers have long been suspected of targeting power plants and other industrial facilities. U.S. intelligence officials said the Russian government targeted U.S. infrastructure computer systems in 2014. Russian hackers are considered the main suspects in a disruption of power networks in Ukraine in December 2016 and also in December 2015. Ukraine’s president, Petro Poroshenko, told WIRED magazine earlier this year that repeated cyberattacks against his country are happening with the “direct or indirect involvement of secret services of Russia, which have unleashed a cyberwar against our country.”

-Darrell Proctor is a POWER associate editor (@DarrellProctor1, @POWERmagazine)