Cyberattacks on Nuclear Facilities Threaten Power Grids

One of the scariest books that I have ever read is “One Second After” by William Forstchen. The book is the gripping story of what happens to a small North Carolina town after a nuclear electromagnetic pulse attack on the United States. After the EMP destroys the power grids for the entire country, starvation and anarchy become the order of the day. Now it seems that hackers may soon be able to achieve the same result without a nuclear missile.

The New York Times details an urgent joint report by the FBI and the Department of Homeland Security that says that hackers have been attacking computer networks of nuclear power and other energy companies since May. The attacks have occurred in the United States as well as other countries.

The extent of the attacks is not known. The report also did not specify whether the goal of the hackers was commercial espionage or something more destructive, such as disabling safety systems or shutting down electric power production and distribution grids. The story cites a joint statement by the FBI and DHS that said, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”

According to the report, the hackers appeared to be mapping the computer systems in possible preparation for a future attack. The code used in the attacks has not been fully analyzed to confirm this theory.

The strategy seems similar to the pattern of Russian cyberattacks on Ukraine. In December 2015, intrusions similar to the foray into American energy company computers preceded a hacker-caused blackout in Ukraine. Wired reports that power was restored to most areas after a few hours, but that it took months to fully restore operational control.

The hackers in the Ukraine cyberattack rewrote the firmware that controls critical equipment at some substations, so that even though the power was on, operators could not control the breakers remotely. The Ukrainians had to use manual backups to restore power to their grid in these areas, but many American companies lack these manual controls. A cyberattack on the American power grid might result in a long blackout while companies work to replace the firmware that the malicious code overwrote.

As with the Ukraine attack, the primary suspect for the cyberattacks on American power companies is a “state actor,” most likely Russia. While Russian involvement has not been confirmed, sources in the Times report say that the attacks resemble the previous work of “Energetic Bear,” a Russian hacking group that has been linked to numerous attacks on energy companies since 2012.

Some of the attacks were reportedly initiated by “phishing” emails sent to senior engineers; the emails contained fake resumes laced with malicious code. In other cases, the hackers compromised legitimate websites that their targets frequented, a technique referred to as a “watering hole” attack. The hackers are also known to have used the “man-in-the-middle” strategy, which redirects a target’s legitimate internet traffic through servers controlled by the hackers.

The timing of the attacks coincided with a cybersecurity Executive Order issued by President Trump on May 13. The order allows cybersecurity experts in US intelligence agencies to share their expertise with industries such as energy companies. The president also instructed the government not to buy technological equipment from Russian and Chinese companies and to focus on securing power grids and other parts of US infrastructure from cyberattacks.

There are many warning signs that our electronic infrastructure is vulnerable and at risk of a crippling cyberattack. President Trump’s Executive Order is a step in the right direction, but it will take years to fully secure power grids and company computer systems against cyberattacks. There seems to be no time to waste.

Massive Cyberattack Rocks Business World

A broad cyberattack featuring a ransomware program that encrypts infected computer files is spreading rapidly from Russia to Europe and the Americas. More than 2,000 computer systems are known to be infected at this point.

The New York Times reports that the attack has infected numerous systems in Ukraine, including radiation monitoring at Chernobyl, several government ministries, and local banks and transit systems. Other companies that were reportedly attacked include the Danish shipping company Maersk, the American pharmaceutical company Merck, and Rosneft, a state-owned Russian oil company.

The Times reports that infected computers display a black screen with red text that reads, “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

Kaspersky Lab, a cybersecurity firm headquartered in Moscow and owned by a British corporation, said that it had tentatively identified the ransomware as a new strain of the Petya computer virus that was compiled on June 18, 2017. Some researchers are calling the new strain “NotPetya” because it is significantly different from the original virus.

NotPetya has the potential to be much more problematic than the WannaCry virus that fizzled earlier this year. According to Forbes, the new virus can attack even Windows systems whose security patches are up to date. Even computers running Windows 10 are reported to be vulnerable. NotPetya can also extract passwords and use them to spread the infection to other computers.

The source of NotPetya is unknown, but it is presumed to be cybercriminals rather than a state actor. The program demands a ransom payable in bitcoin. At least 22 payments have been made, but Forbes reports that the email address set up to provide decryption keys has been shut down by the provider, leaving owners of infected computer systems few options for recovering their files.

NotPetya has yet to run its course. “This is going to be a big one. Real big one,” cybersecurity expert David Kennedy told Forbes.

Trump Tweets Against Obama Handling of Russia Hacking

Yesterday President Trump launched into a tweetstorm against Barack Obama’s handling of Russian cyberattacks during the 2016 election. The Twitter rant may have been a response to a weekend story in the Washington Post, an outlet that the president called “fake news” in a tweet today, that detailed Barack Obama’s lackluster handling of cyberattacks that were well known long before the election.

“The reason that President Obama did NOTHING about Russia after being notified by the CIA of meddling is that he expected Clinton would win,” President Trump tweeted on Monday. “And did not want to ‘rock the boat.’ He didn’t ‘choke,’ he colluded or obstructed, and it did the Dems and Crooked Hillary no good,” the president continued in a second tweet.

“The real story is that President Obama did NOTHING after being informed in August about Russian meddling. With 4 months looking at Russia under a magnifying glass, they have zero ‘tapes’ of T people colluding. There is no collusion & no obstruction. I should be given apology!” Trump’s third and fourth tweets said.

In a final tweet on the subject, Trump cited a Fox News story, saying, “From @FoxNews ‘Bombshell: In 2016, Obama dismissed idea that anyone could rig an American election.’ Check out his statement – Witch Hunt!” Trump did not provide a link to the story, but a Fox News clip on YouTube does show then-President Obama saying precisely what Trump said he did.

The Trump tweets signal an important shift in Trump’s position on the Russian cyberattacks. From the earliest reports of the hacking of the Democratic National Committee, Trump denied reports of Russian involvement. Two months after the election, and after being presented with evidence by intelligence officials, Trump released a statement on January 6 that blamed “Russia, China, other countries, outside groups and people” for the hacking. Since then, Trump has backtracked, calling the “Russia story” a “hoax” and “fake news” on numerous occasions. Now, as information emerges that is damaging to Barack Obama, President Trump has changed his tune.

President Trump is on the mark with this series of tweets. While there is so far no evidence that Donald Trump colluded with the Russians to throw the election, the scandal of Russian cyberattacks has become more frightening as details emerge about the extent of the Russian hacking which very nearly compromised voting machine software and voter databases. President Obama’s fecklessness in the face of the cyberattack on the core of American democracy is a major part of the story.

Although much of the blame for the response to the attack lies with the Obama Administration, the Trump Administration carries a share of the blame as well. Trump’s denials of Russian meddling in the election have undoubtedly emboldened the Putin regime, which has also attacked elections in European countries. Russian hacking in Ukraine has taken an even more ominous turn, with banks and electric companies being targeted. Russian hacking has been responsible for blackouts in Ukraine in apparent test runs for malware that is to be used elsewhere.

The Trump Administration’s response to Russia’s cyberattacks has not been encouraging. Congress is attempting to pass a new bill imposing sanctions on Russian citizens and organizations tied to cyberattacks and hacking, but there are reports that the Trump Administration is working against the bill. The silence on the hacking from the Trump Administration has been deafening. Defense Secretary James Mattis, who has said, “I do not see any indication that Mr. Putin would want a positive relationship with us,” is an exception.

While Trump is correct that there is no evidence of illegal collusion between the Trump campaign and Russia, he is also correct in his admission that there is ample evidence that Russia meddled with American elections in an unprecedented way and that President Obama bungled the response.

The Russian cyberattacks demand a response and American electoral systems, power grids and financial institutions need to be protected from future attacks. The responsibility for a response and protection from future attacks falls on Mr. Trump’s shoulders.