US re-examines cyber security
Several states around the country on Saturday asked cyber security experts to re-examine state and utility networks after a Vermont utility’s laptop was found to contain malware US officials say is linked to Russian hackers. The Burlington Electric Department, one of Vermont’s two largest electric utilities, confirmed Friday it had found on one of its laptops the malware code used in Grizzly Steppe, the name the US government has given to malicious cyber activity by Russian civilian and military intelligence services.
A Burlington Electric Department spokesman said federal officials have told company officials the threat was not unique to them. The Department of Homeland Security said it had no information indicating the power grid was penetrated in the cyber invasion. A spokesman wouldn’t say whether any other utilities, organizations or entities had reported similar malware on their systems but said any such information would be confidential. Officials in New York, Rhode Island, Massachusetts and Connecticut said they’re more closely monitoring state and utility networks for anything suspicious.
“We have not detected any activity matching the reported malware at this time,” Connecticut governor’s office spokesman Chris Collibee said. New Jersey’s homeland security director said the state had no reports of malicious activity associated with Grizzly Steppe at major utility systems. In New York, Democratic Gov. Andrew Cuomo directed all state agencies to re-examine their computer systems for security breaches. Nothing had been found. An attack on a US power grid has long been a nightmare scenario for top US officials.
Alarmed and outraged
The National Security Agency and US Cyber Command chief Adm. Michael Rogers have previously warned it’s not a matter of if but when attackers target US power systems. On Dec 23, 2015, a highly sophisticated cyber attack on the power grid in Ukraine hit three regional electronic power distribution companies, blacking out more than 225,000 customers. Democratic Vermont Gov Peter Shumlin said his administration has been in touch with the federal government and the state’s utilities. He said people should be “alarmed and outraged” that Russia “has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health and safety.”
Burlington Electric noted it wasn’t connected to the grid system and didn’t explain how the malware got onto the computer. The company said US government authorities alerted American utilities about the malware code Thursday in a report released when Democratic President Barack Obama announced the US response to election hacking. Obama ordered sanctions on Russian intelligence agencies, closed two Russian compounds and expelled 35 diplomats the US said were spies. A Russian state television channel on Saturday sought to discredit reports linking the malware to the Kremlin.
If Russia is found to be connected to widespread hacking of US utilities, it will make it more difficult for Republican President-elect Donald Trump to soften anti-Russian sentiment on Capitol Hill, where hearings on hacking are scheduled next week. Rep. Peter Welch, a Democrat from Vermont, said the incident proves Obama’s response was warranted. “This attack shows how rampant Russian hacking is. It’s systemic, relentless, predatory,” Welch said in a statement. “They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.” The Washington Post first reported on the Vermont utility’s malware discovery. The Rossiya state television channel said the Post provided no confirmation Russia was involved.
It said the Post report spoke only about the identification of malicious software code that Washington previously concluded had been used by the Russian intelligence services in the cyber attack on US political institutions. In a report released Thursday, Homeland Security and the FBI provided technical details about the tools and infrastructure they say Russian civilian and military intelligence services have used to compromise and exploit networks “associated with the US election as well as a range of US government, political and private sector entities.” “This activity by the Russian civilian and military intelligence services is part of an ongoing campaign of cyber-enabled operations directed at the US government and its citizens,” the report said.—AP