Hackers target U.S. nuclear facilities, energy infrastructure

Since May, hackers have been attacking the U.S. energy infrastructure, including at least one company which manages a nuclear power plant in Kansas. The New York Times reported Thursday that the Department of Homeland Security and the FBI issued an urgent report about the attacks last week:

Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan…

Wolf Creek officials said that while they could not comment on cyberattacks or security issues, no “operations systems” had been affected and that their corporate network and the internet were separate from the network that runs the plant…

Hackers wrote highly targeted email messages containing fake résumés for control engineering jobs and sent them to the senior industrial control engineers who maintain broad access to critical industrial control systems, the government report said.

The fake résumés were Microsoft Word documents that were laced with malicious code. Once the recipients clicked on those documents, attackers could steal their credentials and proceed to other machines on a network.

Who is behind these carefully planned attacks aimed at our energy sector? According to both the NY Times and Bloomberg, all signs point to Russia. “The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks,” Bloomberg reported late Thursday. Russia has previously attacked power grids in Ukraine so there is concern it may be trying to set up for a similar attack here in the U.S.:

The government said it was most concerned about the “persistence” of the attacks on choke points of the U.S. power supply. That language suggests hackers are trying to establish backdoors on the plants’ systems for later use, according to a former senior DHS official who asked not to be identified…

“We’re moving to a point where a major attack like this is very, very possible,” [industrial control systems specialist Galina] Antova said. “Once you’re into the control systems — and you can get into the control systems by hacking into the plant’s regular computer network — then the basic security mechanisms you’d expect are simply not there.”

Just a couple weeks ago the Washington Post had a detailed report on President Obama’s response to the Russian interference in the election. It contained this paragraph:

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

It’s not clear how far along that process is at this point, but it does make me wonder if some of what we’re seeing from Russia is a response to Obama’s actions before leaving office (and to whatever Trump has done behind the scenes).

Finally, in addition to these two stories, CNN also published a story Thursday evening highlighting a recent uptick in Russian spying activity.

“Russians have maintained an aggressive collection posture in the US, and their success in election meddling has not deterred them,” said a former senior intelligence official familiar with Trump administration efforts…

Since the November election, US intelligence and law enforcement agencies have detected an increase in suspected Russian intelligence officers entering the US under the guise of other business, according to multiple current and former senior US intelligence officials. The Russians are believed to now have nearly 150 suspected intelligence operatives in the US, these sources said. Officials who spoke to CNN say the Russians are replenishing their ranks after the US in December expelled 35 Russian diplomats suspected of spying in retaliation for election-meddling.

All of this sounds genuinely bad and, at this point, I have no reason to doubt either the hacking attempts, the increase in the number of actual spies entering the country, or Russia’s involvement. As Mitt Romney once said (while progressives scoffed), Russia is our #1 geopolitical foe. You don’t have to give me the hard sell to convince me Putin is a villain.

Nevertheless, it seems like quite a coincidence that all three of these stories appeared the day before President Trump is scheduled to have his first meeting with Putin. Assuming these stories are true, President Trump already knows all about this. But the timing does make me wonder if this information is being leaked to the media in an attempt to apply some external pressure on the administration to get tougher with Putin.