The power grid is old and outdated. The United States is at grave risk by any government hackers or criminals who want to take us down. Hackers have gained access to our power grid and are likely embedded in the system.
Very few are looking at the Russian hacking story objectively. They might have hacked the election and a computer at a Vermont utility but the story is politicized and is used to diminish Donald Trump’s presidency. At the same time, there is a serious hacking issue, just not in the way they describe it.
Hacking of Our Power Grid Is Politicized
Joe Scarborough said on Morning Joe Monday that Russian malware was found on a laptop in a Vermont utility as if it’s proven fact. It certainly isn’t proven it’s the Russians or the Russian government.
“The U.S. government is continuing, as we speak of Russia,” Scarborough said, “to grapple with the suspected cyber-attacks by that country. The latest: Russian malware discovered on a laptop at a small Vermont electric provider.”
“The utility company said it discovered the virus before it can affect the computers connected to the grid,” he continued. “The Homeland Security Department has warned operators of critical infrastructure to be on a lookout for a code associated with, quote, ‘grizzly steppe.’ But they say that Russia’s cyber operations targeting the U.S. government, political organizations, businesses, and citizens could be widespread.”
There are several errors in Scarborough’s statement. For one thing, the virus was not “discovered before it was spread”. The computer was not even hooked up to the grid. For another, “grizzly steppe” is a common handle available to many hackers and it’s been blocked with everyday software for three years. That’s how the utility was able to find it.
Also Monday, Bloomberg Politics referred to a Russian hacking code found in a Burlington, Vermont utility computer. They wrote, “The laptop wasn’t connected to the power grid at the time…” when in fact this computer is never connected to the grid.
In the next paragraph, the Bloomberg reporter explains that they don’t know where it came from and haven’t investigated yet.
“We took immediate action to isolate the laptop and alerted federal officials of this finding,” utility spokesman Mike Kanarick said in the statement. “Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.”
Malware from all over the world is found routinely in computers, especially PCs, sometimes it’s hit or miss, sometimes it’s because an employee fell for a phishing attack or something similar. Criminals and governments continuously change malware codes and as a result virus protections are updated daily, sometimes more frequently. What we are saying is this is not unusual as they make it sound.
Though Bloomberg claims “Grizzly Steppe” is directly tied to Russians and is responsible for the hacking of Clinton emails, we have not seen the evidence of that. Grizzly Steppe can in fact be used by anyone and is believed to have come from Ukraine.
Protecting our systems should be a top priority and we are behind the rest of the world. The problem has existed for years. Politicizing it adds to the problem.
Senator Leahy is suddenly concerned and dramatically so.
“This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Senator Patrick Leahy said in a statement on Friday. “That is a direct threat to Vermont and we do not take it lightly.”
AP Investigated with Ominous Results
Whatever it takes. Attacks on our power grid are a serious issue and need to be addressed.
In 2015, The Associated Press conducted a year-long study of our power grid only to discover that foreign entities have control over our grid. Hackers from Iran, China, and Russia and even ISIS have been attempting to breach the grid or have succeeded in attacking it.
Iranians have already gained access to our grid. Digital clues pointed to Iranian hackers. They had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.” The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.
This is not a unique situation. Every year, sophisticated foreign hackers gained remote access to control operations networks that keep power flowing. There have been 12 attacks in 10 years according to the AP. USA Today also researched and found more than 300 attacks in 2015 alone.
There are so many attackers stowed away in the systems that run the grid that they can probably strike at will, AP reported.
Iran is an imminent danger.
“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” said Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer. “It will also help them stay quiet and stealthy inside.”
Attributing attacks is notoriously tricky.
Neither U.S. officials nor cybersecurity experts would or could say if the Islamic Republic of Iran was involved in the attacks discovered involving Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.
Iranian hackers could have taken control of a dam in Rye, New York after they hacked it but chose not to.
Private firms have alleged other recent hacks of networks and machinery tied to the U.S. power grid were carried out by teams from within Russia and China, some with governmental support.
In 2012 and 2013, in well-publicized attacks, Russian hackers successfully sent and received encrypted commands to U.S. public utilities and power generators; some private firms concluded this was an effort to position interlopers to act in the event of a political crisis.
The Department of Homeland Security announced about a year ago that a separate hacking campaign, believed by some private firms to have Russian origins, had injected software with malware that allowed the attackers to spy on U.S. energy companies.
Even the Islamic State group is trying to hack American power companies, a top Homeland Security official told industry executives in October 2015.
“ISIL is beginning to perpetrate cyberattacks,” Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security, told company executives.
The Islamic State has been unsuccessful to date insofar as we know.
The hackers gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking the plants up to the Internet over the last decade has given hackers new backdoors in. Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack.
USA Today’s Investigation Found Our Power Grid Is In Jeopardy
USA Today conducted their own research in March, 2015 and found far more than a dozen.
An examination by USA Today in collaboration with more than 10 Gannett newspapers and TV stations across the country, and drawing on thousands of pages of government records, federal energy data and a survey of more than 50 electric utilities, found:
- More often than once a week, the physical and computerized security mechanisms intended to protect Americans from widespread power outages are affected by attacks, with less severe cyberattacks happening even more often.
- Transformers and other critical equipment often sit in plain view, protected only by chain-link fencing and a few security cameras.
- Suspects have never been identified in connection with many of the 300-plus attacks on electrical infrastructure since 2011.
- An organization funded by the power industry writes and enforces the industry’s own guidelines for security, and decreased the number of security penalties it issued by 30% from 2013 to 2014, leading to questions about oversight.
- A major cyber attack of the U.S. electric grid could cause over $1 trillion in economic impact and roughly $71.1 billion in insurance claims, said one report.
The investigation looked at the financial impact of a scenario in which 15 states and Washington, D.C. suffer a blackout as a result of a cyber attack on the power grid. The scenario is created by the University of Cambridge Centre For Risk Studies, which uses some real life, publicly known cases to create the model. The report is also co-produced by Lloyd’s.
“Cyber attacks are often treated as a problem of technology, but they originate with human actors who employ imagination and surprise to defeat the security in place,” said one investigator.
The hackers appear to be in place and if we keep up the PC hiring, more will be in these positions.
The Response Must Be Reevaluated
Most of the hackers are never identified yet Senator John McCain is out telling reporters that Russia must be punished.
“We will be working for much tougher sanctions against Russia. They attacked the United States of America,” McCain said. “The hacking was an attack and we should be treated as such and we think their financial institutions and other aspects of the Russian economy should be addressed.”
He hasn’t seen the evidence and is playing the part of the left’s useful idiot.
There are so many countries and criminals hacking us that the answer can’t be to simply punish Russians. We must update our infrastructure and our systems of detection. Hiring must be geared towards keeping the country safe, not political correctness.