US malware menaces Russian power grid

The Island Packet (Sunday) - Front Page - By David E. Sanger and Nicole Perlroth

The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.

In interviews over the past three months, the officials described the previously unreported deployment of U.S. computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.

Advocates of the more aggressive strategy said it was long overdue, after years of public warnings from the Department of Homeland Security and the FBI that Russia has inserted malware that could sabotage U.S. power plants, oil and gas pipelines, or water supplies in any future conflict with the United States.

But it also carries significant risk of escalating the daily digital Cold War between Washington and Moscow.

The administration declined to describe specific actions it was taking under the new authorities, which were granted separately by the White House and Congress last year to U.S. Cyber Command, the arm of the Pentagon that runs the military’s offensive and defensive operations in the online world.

But in a public appearance Tuesday, President Donald Trump’s national security adviser, John R. Bolton, said the United States was now taking a broader view of potential digital targets as part of an effort “to say to Russia, or anybody else that’s engaged in cyberoperations against us, ‘You will pay a price.’ ”

Power grids have been a low-intensity battleground for years.

Since at least 2012, current and former officials say, the United States has put reconnaissance probes into the control systems of the Russian electric grid.

But now the U.S. strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.

The commander of U.S. Cyber Command, Gen. Paul M. Nakasone, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.

“They don’t fear us,” he told the Senate a year ago during his confirmation hearings.

But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.

Trump issued new authorities to Cyber Command last summer, in a still-classified document known as National Security Presidential Memoranda 13, giving Nakasone far more leeway to conduct offensive online operations without receiving presidential approval.

But the action inside the Russian electric grid appears to have been conducted under little-noticed new legal authorities, slipped into the military authorization bill passed by Congress last summer. The measure approved the routine conduct of “clandestine military activity” in cyberspace, to “deter, safeguard or defend against attacks or malicious cyberactivities against the United States.”

Under the law, those actions can now be authorized by the defense secretary without special presidential approval.

The critical question – impossible to know without access to the classified details of the operation – is how deep into the Russian grid the United States has bored. Only then will it be clear whether it would be possible to plunge Russia into darkness or cripple its military – a question that may not be answerable until the code is activated.

“It has gotten far, far more aggressive over the past year,” one senior intelligence official said, speaking on the condition of anonymity but declining to discuss any specific classified programs. “We are doing things at a scale that we never contemplated a few years ago.”

Both Nakasone and Bolton, through spokesmen, declined to answer questions about the incursions into Russia’s grid. Officials at the National Security Council also declined to comment but said they had no national security concerns about the details of The New York Times’ reporting about the targeting of the Russian grid, perhaps an indication that some of the intrusions were intended to be noticed by the Russians.

Speaking Tuesday at a conference sponsored by The Wall Street Journal, Bolton said: “We thought the response in cyberspace against electoral meddling was the highest priority last year, and so that’s what we focused on. But we’re now opening the aperture, broadening the areas we’re prepared to act in.”

He added, referring to nations targeted by U.S. digital operations, “We will impose costs on you until you get the point.”

Two administration officials said they believed Trump had not been briefed in any detail about the steps to place “implants” – software code that can be used for surveillance or attack – inside the Russian grid.

Pentagon and intelligence officials described broad hesitation to go into detail with Trump about operations against Russia for concern over his reaction – and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister.

Because the new law defines the actions in cyberspace as akin to traditional military activity on the ground, in the air or at sea, no such briefing would be necessary, they added.

Russian intrusion on U.S. infrastructure has been the background noise of superpower competition for more than a decade.

A successful Russian breach of the Pentagon’s classified communications networks in 2008 prompted the creation of what has become Cyber Command. Under President Barack Obama, the attacks accelerated.

In late 2015, just as the breaches of the Democratic National Committee began, yet another Russian hacking unit began targeting critical U.S. infrastructure, including the electricity grid and nuclear power plants. By 2016, the hackers were scrutinizing the systems that control the power switches at the plants.

After Trump’s inauguration, Russian hackers kept escalating attacks.

Trump’s initial cyberteam decided to be far more public in calling out Russian activity. In early 2018, it named Russia as the country responsible for “the most destructive cyberattack in human history,” which paralyzed much of Ukraine and affected American companies including Merck and FedEx.

When Nakasone took over both Cyber Command and the NSA a year ago, his staff was assessing Russian hackings on targets that included the Wolf Creek Nuclear Operating Corp., which runs a nuclear power plant near Burlington, Kansas, as well as previously unreported attempts to infiltrate Nebraska Public Power District’s Cooper Nuclear Station, near Brownville. The hackers got into communications networks, but never took over control systems.

In August, Nakasone used the new authority granted to Cyber Command by the secret presidential directive to overwhelm the computer systems at Russia’s Internet Research Agency – the group at the heart of the hacking during the 2016 election in the United States. It was one of four operations his Russia Small Group organized around the midterm elections. Officials have talked publicly about those, though they have provided few details.

Recent actions by the United States against the Russian power grids, whether as signals or potential offensive weapons, appear to have been conducted under the new congressional authorities.


A power plant in Norilsk, Russia, is seen Nov. 7, 2017. The U.S. administration is using new authorities to deploy cybertools more aggressively, making digital incursions into Russia’s electric power grid in a warning to President Vladimir Putin.


Gen. Paul Nakasone, the head of U.S. Cyber Command, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.
