Russian Hackers Likely Behind Cyberattacks on U.S. Nuclear Operators: Experts

Wolf Creek Nuclear Operating Corp's nuclear power plant in Kansas

 

Attacks by hackers on Wolf Creek Nuclear Operating Corporation in Burlington, Kansas have had “absolutely no operational impact,” the company’s spokesman said Thursday night, following a report about the attacks by the New York Times.

A report issued by DHS and the FBI concluded that hackers have targeted the nuclear corporation and other nuclear power operators since May, the Times reported (also see this detailed Bloomberg’s report).

Wolf Creek communications director Jenny Hageman said the facility’s operational computer systems are separate from the corporate network.

“The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet,” Hageman said. “The plant continues to operate safely.”

The Times reported that the hackers sent emails with resumes which contained code allowing attackers access to senior employees’ credentials and other network machines.

The source of the hacking is not clear, but Bloomberg reports that according to three people familiar with the continuing effort to eject the hackers from the computer networks, the chief suspect is Russia.

The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies.

Had the plant been successfully hacked, the attack would have to be reported to the Nuclear Regulatory Commission (NRC) which would have to inform the public, said John Keeley with the Nuclear Energy Institute.

CNet reports that DHS and the FBI said it was most concerned about the “persistence” of the attacks on choke points of the U.S. power supply. The language used by the two agencies suggests that hackers are trying to establish backdoors on the plants’ systems for later use.

Bloomberg notes that those backdoors can be used to insert software specifically designed to penetrate a facility’s operational controls and disrupt critical systems.

“We’re moving to a point where a major attack like this is very, very possible,” Galina Antova, co-founder of Claroty, a New York firm that specializes in securing industrial control systems Antova, told Bloomberg. “Once you’re into the control systems — and you can get into the control systems by hacking into the plant’s regular computer network — then the basic security mechanisms you’d expect are simply not there.”

Industry experts and U.S. officials take the attacks on U.S. nuclear operators seriously, partly as a aresut of recent Russian government hackers’ attacks on Ukraine’s power infrastructure.

Scott Aaronson, executive director for security and business continuity at the Edison Electric Institute, an industry trade group, told Bloomberg that utilities, grid operators and federal officials were already dissecting the attack on Ukraine’s electric sector to apply lessons in North America before the U.S. government issued the latest warning to “energy and critical manufacturing sectors.”

The Russian cyberattacks in Ukraine did not cause long-term damage, but with each escalation, the hackers may be gauging the world’s willingness to push back.

“If you think about a typical war, some of the acts that have been taken against critical infrastructure in Ukraine and even in the U.S., those would be considered crossing red lines,” Antova said.

President Donald Trump signed an executive order on 11 May aiming to strengthening cybersecurity for federal and infrastructure networks, but critics say that funding cuts included in the administration’s budget proposal leave the nation’s nuclear reactors exposed. A 23 May news release issued by the Nuclear Energy Institute, said Trump’s proposed budget does not sufficiently support the nation’s existing reactors.

This article published courtesy of Homeland Security News Wire

No Comments Yet

Leave a Reply

Your email address will not be published.

©2022 Global Security Wire. Use Our Intel. All Rights Reserved. Washington, D.C.