Jul 14, 2017

Hackers are penetrating U.S. nuclear facilities

Rebecca Zisser / Axios

Hackers have been penetrating the computer networks of nuclear facilities in the U.S. since May by sending what appear to be legitimate resumes that contain malware and by compromising frequently visited web sites, the Department of Homeland Security and FBI said in a report obtained by the New York Times.

  • The good news: A DHS spokesperson told Axios there's "no indication of a threat to public safety" since the hacks appeared to be isolated in the administrative and business side of the nuclear facilities, not reaching control panels (indeed, one affected facility said no "operations systems" were impacted).
  • The bad news: Stephen Boyer, co-founder of cybersecurity ratings company BitSight, said it's possible code could be sitting dormant to gather intel on how to launch attacks in the future. And if U.S. nuclear facilities are successfully compromised, it could lead to fires, explosions, or spills of dangerous materials. Plus, as an expert on geopolitical issues framed it, other hackers might be watching what the U.S. tries to secure now, which could tip them off to what to target next.

Why this matters: It's a "nightmare scenario," according to Barracuda Networks Vice President Asaf Cidon, since a cyber attack on a nuclear plant could "heavily disrupt a critical infrastructure with a click of a mouse."

Breakdown of the attacks

  • The magnitude: The hackers hit at least a dozen U.S. power plants, per Bloomberg.
  • The hack: One of the hacks used, the resume hack, is pretty old and simple but allows you to "see all the communications on the computer ... and infect other computers," Cidon said.

One key thing

It could be Russia: Energy Secretary Rick Perry said Tuesday the hackers "may be state-sponsored" or just "criminal elements" looking for vulnerabilities. Boyer told Axios the way the government refers to the hackers (advanced persistent threats) is a "code word" for nation-state. According to Bloomberg, the chief suspect is Russia, which is concerning since Russian hackers have successfully knocked out Ukraine's power grid before. But one expert on cybersecurity issues told Axios he didn't agree with this assessment since "it's sloppy in the way it was executed…if it was state-sponsored...the ultimate goal" is to stay under the radar.

How facilities can protect themselves

  • Secure facilities: Cidon said it would cost a nuclear facility, depending on its size, anywhere from tens of thousands of dollars to hundreds of thousands of dollars to secure its network, what he calls "a drop in the bucket" compared to the potential consequences of leaving this critical infrastructure unsecured.
  • Separate business and nuclear operations: Especially for critical infrastructure, keeping networks separate is crucial since it's "really hard to do damage to a nuclear facility until you reach the control system," Boyer said.
  • Be careful of protocol: When Russia hacked Ukraine's electrical grid it did so through employees remotely logging into the grid network. (More on that via Wired.)
  • Be wary of vendors: If they get infected with malware, it could affect the nuclear facility as well.
  • Share info: "One of the best defenses is sharing the information" when you've been hacked, Boyer said, especially when it looks like a coordinated, targeted campaign.
