Homeland Security details Russian utility hack

August 1, 2018

The Wall Street Journal reported in late July that Russian hackers gained access to U.S. utility control rooms in 2017. Federal officials said the access could have allowed them to cause blackouts and that the attack is likely continuing.

The Department of Homeland Security revealed the information in an unclassified “awareness briefing” July 23. In a follow-up statement July 24, the DHS said that although hundreds of energy and non-energy companies were targeted, the incident “would not have had any impact on the larger grid.”

According to the Journal, hackers compromised U.S. utility companies’ corporate networks using tactics such as phishing emails and watering-hole attacks, which target groups by infecting websites they frequently visit with malware. Once they gained access to the companies’ vendor networks, hackers stole credentials to access the utility networks.

Tobias Sellier, director of media relations and communications for American Public Power Association, said federal government partners first informed grid operators of a threat to the energy and manufacturing sectors last year.

According to Sellier, the Electricity Information Sharing and Analysis Center (E-ISAC) provided detailed indicators of compromise in response to the U.S. government sanctions against Russian cyber actors in March of 2018. E-ISAC provided the information to ensure electric utilities are prepared to protect their networks moving forward.

Industry officials can also rely on guidance from the Electricity Subsector Coordinating Council, or ESCC, which was created to protect the nation’s power grid from physical or cyber attacks. Made up of electric company CEOs and trade association leaders, the organization represents all segments of the industry. Its counterparts include senior Administration officials from the White House, relevant Cabinet agencies, federal law enforcement and national security organizations.

“Information sharing is a critical component of the strong industry/government partnership that exists through the ESCC, and vital to protecting the grid,” Sellier said.

APPA CEO Sue Kelly is on the ESCC steering committee. Sellier said APPA will continue to work across the sector and with government partners to protect the grid from this threat as well as other cyber and physical threats. The Association also encourages member utilities to sign up for the E-ISAC’s portal to get alerts and resources to monitor and manage cyber threats.