The newest cyber threat troubling top U.S. government officials is the prospect of Russian hackers breaking into the U.S. power grid and selectively causing blackouts across the country. According to officials at the Department of Homeland Security (DHS), members of a shadowy, state-sponsored group known as Dragonfly or Energetic Bear have been escalating hacking attacks on the U.S. energy grid, nuclear facilities and other critical U.S. infrastructure since 2014. The next inevitable step is for these hackers to “throw the switch” on control systems at power plants in order to cause blackouts.
How the Russian hackers got access to the power grid
The Russian hacking collective known as Dragonfly (and also as Energetic Bear) worked indirectly to gain access to U.S. utility control rooms, say DHS officials. First, they gained access to the networks of key utility vendors using simple tactics such as spear-phishing and watering-hole attacks. Once they had valid passwords and credentials, they set about studying the ins and outs of the U.S. power grid through this newfound backdoor access.
Since these utility vendors had the ability to update software and run diagnostics, hackers working for a Russian state-sponsored group gained a valuable back door into key elements of the national power grid. What if, for example, they decided to delete some of the grid software instead of updating it? Or what if they altered the diagnostic testing in order to expose the system to more risk?
The real concern, say DHS officials, is that Russian hackers will eventually get to the point where they could automate hacking attacks from a distance. In the event of a military escalation, for example, Russian hackers could essentially press a button and turn off parts of the U.S. power grid, plunging the nation into darkness and chaos.
Defensive measures against Russian hackers
The big question, of course, is whether the U.S. can stop these attacks, even if it knows they are coming. According to U.S. Director of National Intelligence Dan Coats, the U.S. is at “a critical point.” He compared the current situation to the one that existed before 9/11, when the U.S. might have known about chatter from Islamic radicals preparing to attack the U.S., but did nothing about it.
As Coats and others in the U.S. intelligence community have pointed out repeatedly, Russian hackers are not alone in looking for weaknesses. China, Iran and North Korea have also looked for ways to disrupt the U.S. power grid. But the Russians have been the most persistent and pervasive. The primary intent right now might not be military. Instead, it is simply to sow discord and undermine American democracy.
The U.S. is starting to take action against these malicious Russian hackers, but is it a case of too little, too late? The head of the U.S. Cyber Command, for example, has launched a special task force known as the Russia Small Group to counter Russian cyber threats.
Can cyber attacks on a power grid be an act of war?
At the same time, officials at the Department of Homeland Security are taking steps to clarify what would – and what wouldn’t – amount to an “act of war.” For example, it has been known for years that state actors – including both Russia and China – have been actively stealing data, information and intellectual property from the United States. These cyber intrusions into government contractors and government agencies, while troublesome, would not amount to an act of war.
However, in January 2017, the Department of Homeland Security specifically noted that a sustained hacking of the U.S. election system would amount to an act of war. And now it appears that a cyber attack on critical infrastructure, in which hackers infiltrate the control room of utilities, would also amount to an act of war. In other words, if the Dragonfly Russian hackers continue to hack the power grid and inadvertently cause a blackout along the East Coast of America, that would represent an act of war.