“Nation-sponsored hackers have penetrated the operational networks multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of people, researchers warned Wednesday,” Dan Goodin reports for Ars Technica.
“The incursions detected by security firm Symantec represent a dramatic escalation by a hacking group dubbed Dragonfly, which has been waging attacks against US and European energy companies since at least 2011,” Goodin reports. “In 2014, Symantec reported that Dragonfly was aggressively establishing beachheads in a limited number of target networks, mainly by stealing the user names and passwords used to restrict access to legitimate personnel. Over the past year, the hacking group has managed to compromise dozens of energy firms and, in a handful of cases, install backdoors in the highly sensitive networks the firms use to supply power to the grid.”
“At a minimum, attackers who have control of a company’s operational network could use it to become de facto operators of the company’s energy assets. That control includes the ability to turn on or off breakers inside the companies’ infrastructure and hijack systems that monitor the health of the grid,” Goodin reports. “That’s an unsettling scenario, but there’s a more troubling one still: the attackers might also be able to use their control of multiple grid-connected operational networks to create the kinds of failures that led to the Northeast Blackout of 2003 [in which the grid supplying electricity to 55 million people shut down].”
Read more in the full article here.
MacDailyNews Note: Goodin notes in an update:
After this Ars post went live, several security professionals with expertise in electric grids downplayed the likelihood of the operational network compromises being used to cause blackouts or take down parts of the grid. Robert Lee, the founder and CEO of Dragos Security, said the hackers would need more than the mere ability to control human machine interfaces that flip switches and open and close breakers. While he said an attack that mimicked the techniques that disrupted Ukrainian power in 2015 was possible, he said differences in the US grid would make those tactics much less effective. Lee’s Twitter thread below is well worth reading all the way through:
Lots of buzz about Symantec's Dragonfly 2.0 so I'd like to add some first impression thoughts in this thread. (1/X)
— Robert M. Lee (@RobertMLee) September 6, 2017