The newest cyber threat troubling top U.S. government officials is the prospect of Russian hackers breaking into the U.S. power grid and selectively causing blackouts across the country. According to officials at the Department of Homeland Security (DHS), members of a shadowy, state-sponsored group known as Dragonfly or Energetic Bear have been escalating hacking attacks on the U.S. energy grid, nuclear facilities and other critical U.S. infrastructure since 2014. The next inevitable step is for these hackers to “throw the switch” on control systems at power plants in order to cause blackouts.
How the Russian hackers got access to the power grid
The Russian hacking collective known as Dragonfly (and also as Energetic Bear) worked indirectly to gain access to U.S. utility control rooms, say DHS officials. First, they gained access to networks of key utility vendors using simple tactics such as spear-phishing attacks and watering-hole attacks. Once they gained the right passwords and credentials, that’s when they went to work studying the ins and outs of the U.S. power grid using their newfound backdoor access.
Since these utility vendors had the ability to update software and run diagnostics, hackers who worked for a Russian state sponsored group gained a valuable back door into key elements of the national power grid. What if, for example, they decide to delete some of the grid software instead of updating it? Or what if these Russian hackers decide to alter the diagnostics testing in order to expose the system to more risk?
The real concern, say DHS officials, is that Russian hackers will eventually get to the point where they could automate hacking attacks from a distance. In the event of a military escalation, for example, Russian hackers could essentially press a button and turn off parts of the U.S. power grid, plunging the nation into darkness and chaos.
Defensive measures against Russian hackers
The big question, of course, is whether the U.S. can stop these hacker attacks, even if they know that they are coming. According to U.S. Director of National Intelligence Dan Coats, the U.S. is at “a critical point.” He compared the current situation to the one that existed before 9/11, when the U.S. might have known about chatter from Islamic radicals preparing to attack the U.S., but did nothing about it.
As Coats and others in the U.S. intelligence community have pointed out repeatedly, Russian hackers are not alone in looking for weaknesses. China, Iran and North Korea have also looked for a way to disrupt the U.S. power grid. But the Russians have been the most persistent and pervasive. The primary intent right now might not be militarily related. Instead, it is simply to sow discord and undermine American democracy.
The U.S. is starting to take action against these malicious Russian hackers, but is it a case of too little, too late? The head of the U.S. Cyber Command, for example, has launched a special task force known as the Russia Small Group to counter Russian cyber threats.
Can cyber attacks on a power grid be an act of war?
At the same time, officials at the Department of Homeland Security are taking steps to clarify what would – and what wouldn’t – amount to an “act of war.” For example, it has been known for years that state actors – including both Russia and China – have been actively stealing data, information and intellectual property from the United States. These cyber intrusions into government contractors and government agencies, while troublesome, would not amount to an act of war.
However, in January 2017, the Department of Homeland Security specifically noted that a sustained hacking of the U.S. election system would amount to an act of war. And now it appears that a cyber attack on critical infrastructure, in which hackers infiltrate the control room of utilities, would also amount to an act of war. In other words, if the Dragonfly Russian hackers continue to hack the power grid and inadvertently cause a blackout along the East Coast of America, that would represent an act of war.
If it really were the case that Russian hackers had access to the rooms of a U.S. utility, what would be the proper response? Right now, the response to threats of cyber attacks has been a lot of tough talk and posturing. But an act of war would require a “proportional response.” That could become a difficult undertaking –especially since cyber threats are notorious for being very difficult to track to the original source actor. What happens, for example, if it is really the Chinese behind the attack on electrical utilities, but all accounts and IP addresses are spoofed to appear as if the attacks on utility networks were coming from Russia?
Russian election meddling and Russian power grid meddling
The issue of Russian hackers meddling in the U.S. power grid might not be such a big issue, of course, were it not for the current investigation of Special Counsel Robert Mueller into Russian election meddling and possible collusion with the Trump administration during the 2016 U.S. presidential election. That investigation recently added indictments of 12 Russian intelligence officers for their role in hacking emails and servers belonging to Hillary Clinton and the Democratic National Committee (DNC).
This investigation complicates any discussion of power grid meddling for two reasons. First of all, it encourages Democrats (and especially supporters of Hillary Clinton) to push the case that U.S. President Donald Trump is somehow a “Manchurian Candidate” under the control of the Russians. Why else, they claim, would he be turning a blind eye to current Russian hackers trying to access electric utilities and power plants?
Russian #hackers gained access to U.S. utility control rooms through key vendors using simple #phishing and watering-hole attacks.
Click to Tweet
And, secondly, continued stories of Russian hacking and meddling could back the Trump administration into a corner. In order to avoid appearing weak on Russia, they might have to escalate their own rhetoric and actions. One thing could lead to another, and a war that nobody wants could actually become a reality. What happens, for example, if hackers completely unrelated to Russia do manage to attack a power company and throw the wrong switch, resulting in an attack that claims hundreds of victims? The only possible response might be war.
Going forward, it is clear that cybersecurity is becoming an increasingly complex issue. Once purely an IT issue, it has now become a matter of national security. A few years ago, Russian hackers might have been content with merely seeing whether or not it was possible to hack into the U.S. power grid. Now that they have peered inside utility networks and understand how they work and what their vulnerabilities are, there may indeed be a clear and present danger to the U.S. power grid.