Russian hackers infiltrated the control rooms of US utility companies last year, reaching a point where they "could have thrown switches," The Wall Street Journal reports. The paper cites officials from the Department of Homeland Security (DHS) confirming that the hackers, from a state-sponsored group previously known as Dragonfly or Energetic Bear, gained access to supposedly secure networks, where they could have caused blackouts.
According to the DHS, the long-running Russian campaign has affected "hundreds of victims," and some companies may not even know they have been compromised, because the attacks relied on the credentials of actual employees, which makes the intrusions harder to identify. The attack is believed to have surfaced in spring 2016 and could still be ongoing.
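The point that logins with legitimate employee credentials are hard to tell apart from the real employee is the crux of the detection problem. The following is an added example, not code from the article, the WSJ, DHS or Dragos: a small baseline-and-deviation detector that learns each account's usual source networks, login hours and destination hosts from historical successful logins, then flags later logins that use a valid account but break that pattern (new source /24, off-hours, or first access to a host). The log format, account names, hosts and addresses are all constructed for the example.

```python
"""Detect valid-credential logins that deviate from a per-user baseline.

Added example, not from the original article or any vendor. The log
format ("timestamp user src_ip dst_host result") and every value below
are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed historical logins used to build the per-user baseline.
BASELINE_LOGS = """\
2018-03-01T08:12:00 jdoe 10.20.5.14 corp-fs01 success
2018-03-02T09:03:00 jdoe 10.20.5.14 corp-fs01 success
2018-03-03T08:45:00 jdoe 10.20.5.21 corp-mail success
2018-03-01T07:55:00 ops1 10.50.1.7 scada-hmi01 success
2018-03-02T07:58:00 ops1 10.50.1.7 scada-hmi01 success
"""

# Constructed new logins: jdoe's account is used at 02:14 from an outside
# address and then reaches an HMI host the account has never touched.
NEW_LOGS = """\
2018-03-10T08:30:00 jdoe 10.20.5.14 corp-fs01 success
2018-03-10T02:14:00 jdoe 203.0.113.9 vpn-gw success
2018-03-10T02:20:00 jdoe 10.50.1.30 scada-hmi01 success
2018-03-10T07:57:00 ops1 10.50.1.7 scada-hmi01 success
"""


def parse(log_text):
    """Parse the constructed log format into event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, host, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "host": host, "result": result,
                       "raw": line})
    return events


def net24(ip):
    """Coarse source-network key: the first three octets of an IPv4 address."""
    return ".".join(ip.split(".")[:3])


def build_baseline(events):
    """Per user: the source networks, login hours and hosts seen in successful logins."""
    baseline = defaultdict(lambda: {"nets": set(), "hours": set(), "hosts": set()})
    for e in events:
        if e["result"] != "success":
            continue
        b = baseline[e["user"]]
        b["nets"].add(net24(e["src"]))
        b["hours"].add(e["ts"].hour)
        b["hosts"].add(e["host"])
    return baseline


def detect_anomalies(baseline_text, new_text, hour_tolerance=1):
    """Return successful logins in new_text that deviate from the baseline.

    A login is reported when its source network is new for the account,
    its hour is more than hour_tolerance away from every baseline hour,
    or the destination host has never been accessed by that account.
    """
    baseline = build_baseline(parse(baseline_text))
    findings = []
    for e in parse(new_text):
        if e["result"] != "success":
            continue
        b = baseline.get(e["user"])
        reasons = []
        if b is None:
            reasons.append("no baseline for user")
        else:
            if net24(e["src"]) not in b["nets"]:
                reasons.append("new source network")
            if all(abs(e["ts"].hour - h) > hour_tolerance for h in b["hours"]):
                reasons.append("off-hours login")
            if e["host"] not in b["hosts"]:
                reasons.append("first access to host")
        if reasons:
            findings.append({"user": e["user"], "line": e["raw"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_anomalies(BASELINE_LOGS, NEW_LOGS):
        print(f["line"], "->", ", ".join(f["reasons"]))
```

Run stand-alone, the script reports only the two 02:xx logins by jdoe; the routine morning logins by both accounts pass. In practice the baseline would come from weeks of authentication logs and the host check would be weighted heavily for hosts in the control network, since a corporate account that suddenly reaches an HMI is exactly the pattern the article describes.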
However, while the potential consequences of these attacks are serious, some experts maintain that the tangible risks are no greater than they were before these fresh attacks came to light. After a similar hacking revelation last year, Robert M. Lee, CEO of cybersecurity firm Dragos, wrote that "Our adversaries are at the starting point of their journey to cause significant disruption to our power grid, not the finish line."
Following the most recent news of Russian interference, Lee took to Twitter to reiterate that while the warnings of threats are important, much of the language used in reporting them is "not helpful and often misleading." He noted that cyber threats to industrial infrastructure are getting more aggressive, but urged people not to "hype up" the issue, adding that "It's bad enough without added fear."
The warnings of the threats are extremely important as they are becoming more frequent. But much of the language in these articles is not helpful and often misleading https://t.co/KsyZAhyZ8L
— Robert M. Lee (@RobertMLee) July 24, 2018
As an example this article, and many like it, use subtle word choices like noting that penetrating the control centers was "easy" and that it was "hundreds of victims" but not necessarily hundreds of control centers which is what they're referring to when discussing "black outs"
— Robert M. Lee (@RobertMLee) July 24, 2018
Then there's the almost mocking note that supposedly these networks were supposed to be air gapped; except no one serious in the discussion considers control centers for electric grid functionality air gapped. It's subtle but positions that this is a shock but it's not
— Robert M. Lee (@RobertMLee) July 24, 2018
And language such as "throwing switches" and noting it would cause "black outs" is in no way representative of what was seen in these intrusions. In these cases the adversary was taking screenshots of HMIs.
— Robert M. Lee (@RobertMLee) July 24, 2018
So in short, please take cyber threats to industrial infrastructure seriously. They are getting far more aggressive and numerous. But let's not use word choices that mislead and hype up the issue. It's bad enough without added fear.
— Robert M. Lee (@RobertMLee) July 24, 2018