Rebecca Zisser / Axios

Hackers have been penetrating the computer networks of nuclear facilities in the U.S. since May by sending what appear to be legitimate resumes that contain malware and by compromising frequently visited web sites, the Department of Homeland Security and FBI said in a report obtained by the New York Times.

  • The good news: A DHS spokesperson told Axios there's "no indication of a threat to public safety" since the hacks appeared to be isolated in the administrative and business side of the nuclear facilities, not reaching control panels (indeed, one affected facility said no "operations systems" were impacted).
  • The bad news: Stephen Boyer, co-founder of cybersecurity ratings company BitSight, said it's possible code could be sitting dormant to gather intel on how to launch attacks in the future. And if U.S. nuclear facilities are successfully compromised, it could lead to fires, explosions, or spills of dangerous materials. Plus, as an expert on geopolitical issues framed it, other hackers might be watching what the U.S. tries to secure now, which could tip them off for what to target next.

Why this matters: It's a "nightmare scenario," according to Barracuda Networks Vice President Asaf Cidon, since a cyber attack on a nuclear plant could "heavily disrupt a critical infrastructure with a click of a mouse."

Breakdown of the attacks

  • The magnitude: The hackers hit at least a dozen U.S. power plants, per Bloomberg.
  • The hack: One of the hacks used, the resume hack, is pretty old and simple but allows you to "see all the communications on the computer ... and infect other computers," Cidon said.

One key thing

It could be Russia: Energy Secretary Rick Perry said Tuesday the hackers "may be state-sponsored" or just "criminal elements" looking for vulnerabilities. Boyer told Axios the way the government refers to the hackers (advanced persistent threats) is a "code word" for nation-state. According to Bloomberg, the chief suspect is Russia, which is concerning since Russian hackers have successfully knocked out Ukraine's power grid before. But one expert on cybersecurity issues told Axios he didn't agree with this assessment since "it's sloppy in the way it was executed…if it was state-sponsored...the ultimate goal" is to stay under the radar.

How facilities can protect themselves

  • Secure facilities: Cidon said it would cost a nuclear facility, depending on its size, anywhere from tens of thousands of dollars to hundreds of thousands of dollars to secure its network, which he calls "a drop in the bucket" compared to the potential consequences of leaving this critical infrastructure unsecured.
  • Separate business and nuclear operations: Especially for critical infrastructure, keeping networks separate is crucial since it's "really hard to do damage to a nuclear facility until you reach the control system," Boyer said.
  • Be careful of protocol: When Russia hacked Ukraine's electrical grid it did so through employees remotely logging into the grid network. (More on that via Wired.)
  • Be wary of vendors: If they get infected with malware, it could affect the nuclear facility as well.
  • Share info: "One of the best defenses is sharing the information" when you've been hacked, Boyer said, especially when it looks like a coordinated, targeted campaign.
