Hackers believed to be working for a foreign government recently breached at least a dozen U.S. power plants. The Department of Homeland Security and Federal Bureau of Investigation said they are aware of a potential intrusion in the energy sector. The government agencies said in a joint statement, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”
The attack sparked concerns the attackers were searching for vulnerabilities in the electrical grid. The Department of Energy said it was working with utilities and grid operators to enhance security. The department said in a statement, “We take any reports of malicious cyber activity potentially targeting our nation’s energy infrastructure seriously and respond accordingly.”
The targets included the Wolf Creek nuclear facility in Kansas, according to current and former U.S. officials. Wolf Creek is an aging nuclear generating facility on a lake shore near Burlington, Kansas, owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. Wolf Creek began operations in 1985.
The operational controls at Wolf Creek were not pierced, according to government officials. The operating systems at nuclear plants tend to be legacy controls, not digital control systems that can be exploited by hackers. While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems designed to disperse excess heat while the nuclear reaction is halted. If the safety systems were also hacked, the consequences could be serious.
There are concerns that the attacks are meant to eventually disrupt the nation’s power supply. The officials said that a general alert was distributed to utilities a week ago. The alert cited activities by hackers since May. In one incident, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry.
Several private security firms are studying data on the attacks. Determining who is behind an attack can be tricky. When trying to determine whether a foreign government is sponsoring cyber activities, the government looks at several key markers, including the sophistication of the tools. The U.S. National Security Agency is working to confirm the identity of the hackers, who are reportedly using computer servers in Germany, Italy, Malaysia, and Turkey to cover their tracks.
According to three people familiar with the matter, the chief suspect in the attacks is Russia. Russia appears to be testing increasingly advanced tools to disrupt power supplies. Russian hackers previously took down parts of the electrical grid in Ukraine.
The U.S. has several continuing investigations into Russia’s activities. International tensions have flared over the conclusion by U.S. intelligence agencies that Russia tried to influence the 2016 presidential election.