Government and officials of the utility industry have long feared that an aggressive and malevolent hacker could disrupt emergency and medical services by taking down the US electrical grid.
The Washington Post reported on December 30, 2016 that a Russian hacking group named Grizzly Steppe had inserted code within a Vermont utility.
Officials with the Vermont utility discovered the code and reported it to federal officials on the same day.
The Russians don’t appear to have used the code to interfere with the operations of the unnamed utility. However, the fact that they were able to breach the plant’s system is cause for great alarm.
An experiment by US cybersecurity experts showed that malicious code could cause a physical breakdown of a power plant.
The US government takes this breach extremely seriously. In fact, DHS and FBI officials along with the Office of the Director of National Intelligence shared the malware code with executives from 16 different US sectors including:
Once again, soft targets provided ready access to the hackers. Using fraudulent emails, they tricked the recipients into revealing their passwords.
Precedent exists for this action. Russian hackers were accused of launching a cyberattack on the electrical grid in the Ukraine. A December 2015 hack in Kiev destabilized the power grid and caused a black out in part of the capital.
The Ukrainian President Petro Poroshenko accused Russian hackers of attacking state institutions 6,500 times during the previous two months—in effect “a cyber war.”
Despite Obama’s sanctions against Russia, the friendliness of the President-Elect towards Putin suggests a thaw with Russia may be in the future.
However, US citizens should consider this intrusion of their electrical grid to be an extremely serious matter.