Russian cyberattacks put American energy sector on alert

The United States' public naming of Russia as being responsible for ongoing cyberattacks against American critical infrastructure is resonating with the energy industry and cybersecurity insiders alike.

A U.S. Department of Homeland Security alert released March 15 blamed the Kremlin for a two-year-old cyber campaign to infiltrate computer networks and industrial control systems of critical infrastructure, including the power grid and nuclear power plants.

What Treasury Secretary Steven Mnuchin recently described as "destructive cyberattacks and intrusions" against U.S. critical infrastructure, including the targeting of business and administrative networks of nuclear plants, appear not to have disrupted the reliability of the power grid or any power plant operations. But widespread fear of Russia's hacking capabilities is not unfounded, given that suspected Russian-sponsored hackers in December 2016 attacked the Ukraine power grid and left 80,000 people without electricity in the first-ever use of malware designed to shut down a power grid.

In a March 16 statement, the grid reliability organization the North American Electric Reliability Corporation said it has not received any reports of security threats affecting the operations or reliability of the bulk power system in North America. NERC said it is continuing to monitor the situation and update its members via its Electricity Information Sharing and Analysis Center, or E-ISAC. The California ISO also put out a statement, saying it has not experienced any major cyber incidents and is proactively coordinating with authorities.

Scott Aaronson, vice president of security and preparedness for the Edison Electric Institute, said the E-ISAC provided electric companies valuable information after the Trump administration announced the latest round of sanctions against Russia. The E-ISAC information sharing system "is representative of the strong industry-government partnership ... and is vital to guarding the energy grid from all possible threats," said Aaronson.

Reconstructed screenshots of a "human machine interface" that suspected Russian hackers used to copy profile configuration information for accessing industrial control systems.
Source: U.S. Department of Homeland Security

"Cyber readiness is a process, not an end-point — we need to stay on top of it," said spokesperson Nathan Mitchell, senior director of electric reliability standards and security for the American Public Power Association. "We must continue to remain vigilant."

Leading cybersecurity experts also weighed in. Dragos Inc. founder Robert Lee commended the Homeland Security alert for providing technical data with context and breaking down the "kill chain" instructions of an ongoing campaign. However, his firm noted that the advisory did not expose the activity of any new threat. The alert builds on previous research by the Symantec computer security firm released in September 2017 on the suspected Kremlin-sponsored hacker group identified as Dragonfly or Energetic Bear.

Future wars will be fought in cyberspace, and Russia is "clearly preparing the battlefield," observed former director of the North Atlantic Treaty Organization's Estonia-based cyber defense center Sven Sakkov on Twitter.

As long as repercussions for cyberattacks remain "light," the hacking will continue against the U.S. and other members of NATO's transatlantic military alliance, Sakkov said, noting the lack of any "retribution" by the West for the NotPetya ransomware attacks in June 2017 that snared companies and institutions across Europe and North America.

FireEye CEO Kevin Mandia went further in a CNBC interview with Jim Cramer and warned that Russia would win in an all-out total war in cyberspace against the more internet-dependent U.S.

Brian Harrell, president and chief security officer of The Cutlass Security Group, said in an email that Russia's interest in compromising the "coveted crown jewels" of industrial control systems is "not to necessarily take anything, but to prove they can access our systems and cause us to feel unsettled."

"Unfortunately, the current ... alert, legal indictments, sanctions or public shaming will not have any effect on Russian cyber intrusions," said Harrell. "However, we must continue to increase pressure until they change their behavior and become a responsible member of the international community."

Galen Rasche, senior program manager for cybersecurity at the Electric Power Research Institute, expressed surprise that the U.S. government publicly attributed the cyberattacks to the Russian government since traditionally governments forgo naming perpetrators.

"To a defender, though, the attribution really isn't that important," Rasche said. "We really don't care who is sitting on the other side of the computer. We care about the tactics, techniques and procedures that they use and how we are going to defend against them. Really the attribution is more important in the political climate."

Mark Watson is a reporter for S&P Global Platts which, like S&P Global Market Intelligence, is owned by S&P Global Inc.