FBI announces ongoing Russian attacks against American electric grid, water processing, air

Bloomberg reports that

These attacks have been traced back to at least March 2016.

There are side references to the cyberattacks in the US sanctions that were just issued. I don’t think those sanctions alone will be enough to stop Russia from continuing to run roughshod over the world. They just keep pushing: an airliner shot down here; a peninsula annexed there; a few assassinations between “friends”. We’re in a new type of war, we’re noticing years too late, and it’s not clear yet whether we’re even going to fight. I’m feeling decidedly gloomy about this whole matter.

How’s your Russian?

I just made a post about this in the Clusterfuck thread.

Maddow clarified that the hacking and control is not limited to administrative penetration. The Russians have penetrated actual control of facilities – including nuclear facilities.

Is there a more credible source confirming this?

New York Times

I don’t in any way want to minimize the danger of attacks on the systems controlling our infrastructure. And my limited knowledge of the information security controls at nuclear power plants leads me to believe that the level of security protection of those facilities is really, really lacking. That said, what the Bloomberg article describes sounds like the typical attacks that have been going on for years. US organizations, including privately run infrastructure providers, have been deluged by phishing attacks and watering hole attacks for at least as long as I’ve been in the information security field (10ish years). And almost every network of any degree of complexity is always in some state of compromise. This is not to say we have no reason to worry, just that Russia and China and the DPRK and I’m sure other rivals and enemies of the US have been at this a long time. And, to be fair, I’m sure we’ve been doing it too. We unleashed the Stuxnet attack on Iran, and I doubt we called it quits after that.

The distinction was made that the attacks occurring now are different. There was a private warning made by Homeland Security/FBI last July about how the attacks had changed from attacks on administrative offices to direct control over the infrastructure plants themselves – meaning the ability to turn them on and off. In the Bloomberg piece cited above by Sunny Daze, it is noted that this new control includes one nuclear power plant in Kansas.

This new warning jointly issued by Homeland Security/FBI is public, and it includes code that all power plant operators should report if it is found in their systems.

BTW, the Bloomberg article mentions that “an industry-government partnership provided potential indicators of compromise” this week. My guess is that they’re referring to InfraGard, which is a partnership between the FBI and private industry, where each shares security information. I’ve been a member off and on for some time. The FBI frequently circulates new attack information to InfraGard members. They’ve been talking about threats to utilities and other services for years. The threat is real, just not in any way new or surprising.

Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors | CISA appears to be the actual report. I’d politely submit to you that Rachel Maddow and the NYT are full of shit (at least on this point). They don’t appear to have “penetrated actual control of facilities – including nuclear facilities.”

ETA: but I get it, what’s a bit of scare-mongering between friends to sell some advertising, right?

It’s late and I’m into my third pint… but my reading of the article is that the plant in Kansas was attacked, and some systems may have been compromised, but I don’t get the sense that anyone has compromised these facilities to the point that they can actually shut them down (yet). And the sharing of code (“Indicators of Compromise”) is a routine part of what InfraGard does.

Again, compromise of critical infrastructure is a real threat, and the bad guys are attempting it every single day. I just don’t see anything in the article that is much different from what we’ve been living with for the better part of a decade.

There may well be Russians lurking around every corner, but these Russians have been lurking around this corner a long time.

That CERT alert is like 100 I’ve seen before. It’s not that you should now be scared as much as you should have been scared for the past 10 years.

I also pointed out that we’re seeing an escalation in real world threats in alignment with the cyber attacks, and have been for years if you look back.

2006: Litvinenko is killed in Britain with polonium.
2008: Russia invades Georgia, a pro-West country.
2014: Russia invades the Ukraine and annexes Crimea (after the Obama reset).
2014: Malaysian passenger aircraft is shot down over Ukraine.
2016: Election meddling in the US. The Washington Post printed a story on Russian meddling in 19 other countries, including an attempted coup in Montenegro (?).
March 2016: Cyber hacking attacks on the US power grid with the intent to control the infrastructure itself.
March 2017: Russia uses a nerve agent in an attack on a former Russian agent and his daughter in Britain.

Step by step they are testing their boundaries and we let them.

All of this in aid of what? Destabilization of the US and her allies at the very least. I would also venture that Russia hopes to expand back to the former borders and status of the USSR. Furthermore, they are attacking us, and our allies, at home. Somehow, here in the US, this has become a conversation about our internal politics and it should not be. It has fuck-all to do with our internal politics, other than that they are a weakness that has been pinpointed very successfully. We are in dismaying disarray.

Bayard, I’m aware of your points… I have a close friend who worked for our little local electric cooperative for years who was also privy to the information you’re sharing. She was quite unnerved by how far the penetration had already gotten, and this was several years ago, as you point out.

This new report was characterized as different, because Russians have apparently now gained the ability to remote-control the actual plants, not just some administrative-type functions. But I’ll be quite happy to be full of shit on this point and defer to your experience.

Are you saying they’ve always been able to remote-control the powering up or shutting down of power infrastructure? Or that it hasn’t actually gotten that far – in which case, why are Bloomberg and other news outlets making it a story, do you think?

Sunny Daze, I think all your points are well made. Russia has the West on the ropes and they will take full advantage for as long as we let them.

Bayard, I agree with Aspenglow. This sounded more like Stuxnet-level shenanigans (not necessarily Stuxnet-type, if you follow me). That said, I’ve only seen a few press pieces, and the Maddow interview to date.

I know this wasn’t addressed to me, but I’m saying it hasn’t actually gotten that far. As for why the media is making a story out of it, I can only speculate, but I speculate that either they believe exaggerating this threat serves their purpose of undermining President Trump, or they’re playing for ratings.

Your speculation sounds as though you believe this to be fake news.

I am finding accounts of this across most major media now, with varying degrees of detail.

The Guardian includes the detail that

The New York Times

And

The BBC, The FT, and so on, and so on.

I disagree with you as to the motivation of the media for sharing this information. It seems important to me.

That NYT article is promising. The Trump administration placing blame on Russia for this sounds like he may be coming around on the Russia issue. I was afraid he would make the same mistake Obama did with ISIS by underestimating them.

There’s a portion of the story here that I believe to be exaggerated / false. It’s this:

I don’t think the Russians have the ability to shut down any of our power plants at will. The actual alert doesn’t seem to indicate they do. Some shoddy “journalism” seems to have taken some wild-eyed sky-is-falling interpretation of that report and exaggerated it into “Russians can shut down our power plants at will”.

Perhaps you missed this portion of The New York Times article, from post 16, above:

The DHS believes that they do. Considering that we were able to do this to Iran, I don’t find this farfetched in the least.

Let’s start with the basics. The alert opens with this:

Do you know a lot of power plants that can be shut down via email?

If they’d actually compromised SCADA systems, why wouldn’t DHS have listed that?

Further down in the alert, at the screenshot portion, it says this:

Please pay attention to this. They got “files pertaining to” control systems. That’s not the same as direct control of the control systems themselves.

I suspect the (heavily redacted) “screenshot” they show is something like one of those Excel spreadsheets or PDFs.

It’s kind of like the difference between having a picture of a nuclear warhead and having the actual nuclear warhead.