Rebecca Zisser / Axios
Hackers have been penetrating the computer networks of nuclear facilities in the U.S. since May by sending what appear to be legitimate resumes that contain malware and by compromising frequently visited web sites, the Department of Homeland Security and FBI said in a report obtained by the New York Times.
- The good news: A DHS spokesperson told Axios there's "no indication of a threat to public safety," since the hacks appeared to be isolated to the administrative and business side of the nuclear facilities and did not reach control systems (indeed, one affected facility said no "operations systems" were impacted).
- The bad news: Stephen Boyer, co-founder of cybersecurity ratings company BitSight, said it's possible code could be sitting dormant to gather intel on how to launch attacks in the future. And if U.S. nuclear facilities are successfully compromised, it could lead to fires, explosions, or spills of dangerous materials. Plus, as an expert on geopolitical issues framed it, other hackers might be watching what the U.S. tries to secure now, which could tip them off for what to target next.
Why this matters: A cyber attack on a nuclear plant is a "nightmare scenario," according to Barracuda Networks Vice President Asaf Cidon, since it could "heavily disrupt a critical infrastructure with a click of a mouse."
Breakdown of the attacks
- The magnitude: The hackers hit at least a dozen U.S. power plants, per Bloomberg.
- The hack: One of the techniques used, the malware-laden resume, is old and simple but allows an attacker to "see all the communications on the computer ... and infect other computers," Cidon said.
One key thing
It could be Russia: Energy Secretary Rick Perry said Tuesday the hackers "may be state-sponsored" or just "criminal elements" looking for vulnerabilities. Boyer told Axios the way the government refers to the hackers (advanced persistent threats) is a "code word" for nation-state. According to Bloomberg, the chief suspect is Russia, which is concerning since Russian hackers have successfully knocked out Ukraine's power grid before. But one expert on cybersecurity issues told Axios he didn't agree with this assessment, since "it's sloppy in the way it was executed ... if it was state-sponsored ... the ultimate goal" is to stay under the radar.
How facilities can protect themselves
- Secure facilities: Cidon said it would cost a nuclear facility, depending on its size, anywhere from tens of thousands to hundreds of thousands of dollars to secure its network, which he calls "a drop in the bucket" compared to the potential consequences of leaving this critical infrastructure unsecured.
- Separate business and nuclear operations: Especially for critical infrastructure, keeping networks separate is crucial since it's "really hard to do damage to a nuclear facility until you reach the control system," Boyer said.
- Be careful of protocol: When Russia hacked Ukraine's electrical grid, it did so through employees' remote logins to the grid network. (More on that via Wired.)
- Be wary of vendors: If they get infected with malware, it could affect the nuclear facility as well.
- Share info: "One of the best defenses is sharing the information" when you've been hacked, Boyer said, especially when it looks like a coordinated, targeted campaign.