U.S. says Russian hack did not compromise power grid, plants
Washington — A Russian government hacking operation aimed at the U.S. power grid did not compromise operations at any of the nation’s power plants, federal regulators and the industry said Friday.
Corporate networks at some of the 99 nuclear power plants licensed by the Nuclear Regulatory Commission were affected by the 2017 hack aimed at the energy grid and other infrastructure, but no safety, security or emergency preparedness functions were impacted, the NRC said in a statement.
The Federal Energy Regulatory Commission also said the incident had no operational impacts on interstate transmission of electricity.
Even so, government and industry leaders said the attacks underscored the increased threat of electronic and computer-based attacks on a range of infrastructure.
Energy Secretary Rick Perry said the prolonged cyberattack “demonstrates exactly why” he is creating an Office of Cyber Security and Emergency Response. The new office will consolidate and strengthen efforts to “combat the growing nefarious cyber threats we face,” Perry said, adding that his department worked closely with other federal agencies and energy providers to help ensure that hacking attempts “failed or were stopped.”
The Trump administration accused Moscow on Thursday of an elaborate plot to penetrate America’s electric grid, factories, water supply and even air travel through cyber hacking.
U.S. national security officials said the FBI, Department of Homeland Security and intelligence agencies determined Russian intelligence and others were behind a broad range of cyberattacks starting more than a year ago. Russian hackers infiltrated the networks that run the basic services Americans rely on each day: nuclear power, water and manufacturing plants.
U.S. officials said the hackers chose their targets methodically, obtained access to computer systems, conducted “network reconnaissance” and then attempted to cover their tracks by deleting evidence of the intrusions. The operation resorted to various methods — including a kind of cyberattack known as spear-phishing — to try to compromise legitimate user accounts, gather user credentials, and target industrial control systems and their networks, officials said.
The U.S. government has helped the industries expel the Russians from all systems known to have been penetrated, but additional breaches could be discovered, officials said.
The Nuclear Energy Institute, an industry lobbying group, said the Russian hacking campaign targeting U.S. infrastructure “demonstrated that America’s nuclear plants can withstand a nation-state sponsored attack.”
U.S. nuclear plants are designed as operational “islands” that are not connected to the internet and other networks. Nuclear power provides about 20 percent of the nation’s electricity.
The Edison Electric Institute, which represents investor-owned electric companies that provide electricity for about 220 million Americans, said the government informed energy grid operators last year of a threat targeting them.