The Trump administration Thursday took the “unprecedented and extraordinary” step of accusing Russia of carrying out cyberattacks against critical national infrastructure, including electric grid, water processing plant and air transportation facilities.
The alert was the first official confirmation from Washington that Russian actors have penetrated systems that could impact the lives of hundreds of millions of people.
The Department of Homeland Security and the FBI have been monitoring Russian hackers on U.S. networks for more than 18 months, and though they have compromised multiple targets, the hackers have stopped short of sabotaging or shutting down power stations.
“Since at least March 2016, Russian government cyber actors targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” the U.S. Computer Emergency Readiness Team (US-CERT) said.
The alert added that hackers “targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.”
Bloomberg reported in July that Russian actors had infiltrated more than a dozen power plants in seven states. That aggressive campaign has now been expanded to many more states.
Cyberattacks are “literally happening hundreds of thousands of times a day,” Energy Secretary Rick Perry said Thursday. “The warfare that goes on in the cyberspace is real, it’s serious, and we must lead the world.”
Russia has long been linked with attacks on critical infrastructure around the globe. Experts believe Moscow has been conducting cyberwarfare in Ukraine in recent years, using the country as a testbed for attacks against higher-profile targets.
In December 2016, Russian hackers infiltrated a Ukrainian power station and shut off the power to hundreds of thousands of users in what experts said was a stark warning to other countries.
The decision to publicly blame the Kremlin is a significant move for an administration that has been reticent to punish Russia for its attacks on the 2016 U.S. election.
“The fact that the DHS and the FBI have attributed attempts to attack and compromise critical U.S. infrastructure to Russia is unprecedented and extraordinary,” Amit Yoran, the founder of US-CERT, told VICE News.
“I have never seen anything like this,” he said. “It's a wake-up call for the industry and a reminder that we are still not doing the basics well and that our defense needs to constantly evolve and adapt.”
The hackers who targeted power grids were working separately from the two other Russian hacking groups that attempted to disrupt the election. One group focused on stealing documents from the Democratic National Committee and other political entities, while the infamous Internet Research Agency — aka the St. Petersburg “Troll Factory” — focused on spreading disinformation.
The U.S. announced fresh sanctions Thursday against 19 individuals and five entities — including the “Troll Factory” — for “their attempted interference in U.S. elections” in 2016.
Russia is not the only threat to U.S. power grids. VICE News reported earlier this month that North Korea is building a team of hackers who are already probing networks across North America.
Cover image: Wolf Creek generating station in Burlington, Kansas. (Mark Reinstein/Corbis via Getty Images)