The Trump administration has accused Russian government operatives of targeting the U.S. energy sector, government agencies and other critical infrastructure sectors with a series of cyberattacks for at least the last two years.
Meanwhile, a recent poll shows a majority of Americans believe the nation's electric grid is vulnerable to a cyber or physical attack, with only 8% of respondents saying they believe the U.S. government is doing all it should to prevent such incidents. Also earlier this month, a House panel found that the Kremlin has been attempting to interfere with U.S. energy markets and influence domestic energy policy by using social media to sow discord in the United States.
In a joint technical alert (JTA) issued last Thursday, the Department of Homeland Security (DHS) said its agents, as well as those with the Federal Bureau of Investigation (FBI), discovered that Russians, referred to in the alert as threat actors, had since at least March 2016 "targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors...
"The threat actors appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity," DHS said. It added that staging targets, or peripheral organizations such as trusted third-party suppliers with less secure networks, "held preexisting relationships with many of the intended targets.
"DHS analysis identified the threat actors accessing publicly available information hosted by organization-monitored networks during the reconnaissance phase. Based on forensic analysis, DHS assesses the threat actors sought information on network and organizational design and control system capabilities within organizations."
Within the energy sector, DHS said, Russians tried on multiple occasions to tamper with U.S. power plants by gaining access to critical data stored on workstations and servers connected to a corporate network. The Russians accessed files pertaining to industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems.
The JTA included an image that appears to be a screenshot of a computer screen at a power plant. According to DHS, its agents created the image by reconstructing several fragments that Russians appear to have accessed.
DHS said the Russians used several tactics, including spear-phishing emails and watering-hole domains, to collect information on their targets.
"In some cases, information posted to company websites, especially information that may appear to be innocuous, may contain operationally sensitive information," DHS said.
DHS cited an example where Russians had "downloaded a small photo from a publicly accessible human resources page. The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background."
DHS and the FBI recommended that network administrators review the list of internet protocol (IP) addresses, domain names, file hashes, and YARA and Snort signatures included in the JTA. The agencies recommended adding the IPs to their watch list "to determine whether malicious activity is occurring within their organization."
Grid Vulnerable, Says Poll
According to a poll commissioned by Protect Our Power (POP), a Florida-based nonprofit focused on protecting the U.S. electric grid, 62% of respondents believe the grid is vulnerable to an attack by foreign enemies.
The poll also found that 66% of respondents were unprepared for an extended power outage, while 69% were aware of threats to the grid. Another 75% of respondents said they believe federal legislation for improving critical infrastructure should include funding for the electric grid.
"As we have seen in today's joint warning from DHS and the FBI, foreign entities are becoming increasingly successful in infiltrating our electric grid and it may only be a matter of time until serious damage is done," said POP Executive Director Jim Cunningham. "Our poll shows that the American people are increasingly aware of and concerned about the vulnerabilities of our electrical systems, and that's why they're asking the government to act more aggressively in addressing this urgent threat."
POP's Suedeen Kelly, regulatory counsel and a former commissioner at FERC, concurred.
"The complexity of how the nation's electric grid is operated and regulated presents very real challenges when trying to take significant steps forward in cyber security," Kelly said. "The public understands the need for coordination across agencies and entities, and our poll shows that the public expects the government to be a leader in getting the affected parties on the same page and urgently taking concrete steps to secure the grid now.
"We should not keep kicking this can down the road. The time for federal regulators and Congress to act is now, before it is too late."
The poll, conducted by SurveyMonkey for POP, took responses from 1,239 Americans during the first week of March. It has a sampling error of plus or minus 3%.
Russian meddling in the U.S. energy grid was also a topic of discussion during a Federal Energy Regulatory Commission meeting last Thursday.
"Our internal focus already is very high on cyber in our Office of Electric Reliability," FERC Chairman Kevin McIntyre said. "We are focusing increasing amounts of time on cyber protection in coordination with other governmental entities on these important areas.
"It's fast moving. Frankly, some of it is a little bit scary, but we keep our eye on the ball and stay focused on it. We try our best as an agency to stay up to speed on it."
From Russia With Love (For Deception)
Earlier this month, the House Committee on Science, Space and Technology issued a 21-page report that found Russian agents "were exploiting American social media platforms in an effort to disrupt domestic energy markets, suppress research and development of fossil fuels, and stymie efforts to expand the use of natural gas."
According to the committee, documents supplied by U.S. social media companies showed that between 2015 and 2017, Russians made an estimated 9,097 posts or tweets to Facebook, Instagram and Twitter on U.S. energy policy or a current energy event. During the same time frame, about 4,334 accounts on those social media platforms were found linked to a Russian company in St. Petersburg that the committee said was established by the Kremlin "for the purpose of deceptively using various social and traditional media platforms to advance Russian propaganda..."
"Russia has a significant interest in disrupting U.S. energy markets and influencing domestic energy policy. American energy is booming. America's emergence as a global energy exporter presents a significant threat to Russian energy interests. Such competition reduces the revenue and influence generated by Russian energy exports. This adversely affects the Kremlin's ability to leverage Eastern Europe's reliance on their energy and their ability to carry out their geopolitical agenda.
"The surge of American energy into the global marketplace heightens the Kremlin's desire to eliminate or mitigate the American energy threat and to do so by influencing social media users, American voters, and public officials."
To that end, the Kremlin has reportedly targeted hydraulic fracturing, oil and gas pipeline construction, and the ongoing debate over climate change. The committee also found that Russians were making social posts that appeal to both liberals and conservatives.
"Regardless of one's political or ideological views surrounding U.S. energy policy and climate change, the American people deserve to be free from foreign political interference," the committee said. "As such, the committee will continue to work with social media companies, which have taken positive steps to bring transparency to the online debate."