I was so tired tonight that I could barely stay awake, and I was actually thinking the unthinkable – to go to bed without publishing a morning post. And then, as I made one last scan of the headlines, I saw this:
Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says
And I was suddenly wide awake.
Russia interfered with our election in 2016. That is no longer speculation … that is fact. But guess what? That isn’t all they are capable of doing.
“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm. “From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation.”
According to a report by the U.S. Department of Homeland Security issued yesterday, 15 March 2018:
“Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”
To put it simply, if Russia so chose, they have the capability to shut down our power grids, water systems, air traffic controls and more. U.S. Intelligence agencies have been aware for a year and a half that the Russians had this capability, and last June issued warnings to utility companies. The latest information comes on the heels of Trump finally imposing the sanctions against Russia that were unanimously passed by Congress last year. Could these sanctions be the ‘political motivation’ of which Mr. Chien speaks?
According to an article in yesterday’s New York Times …
The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference. That would suggest that at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.
Russian cyberattacks surged last year, starting three months after Mr. Trump took office. American officials and private cybersecurity experts uncovered a series of Russian attacks aimed at the energy, water and aviation sectors and critical manufacturing, including nuclear plants, in the United States and Europe. In its urgent report in June, the Department of Homeland Security and the F.B.I. notified operators about the attacks but stopped short of identifying Russia as the culprit.
By then, Russian spies had compromised the business networks of several American energy, water and nuclear plants, mapping out their corporate structures and computer networks. In an updated warning to utility companies on Thursday, Homeland Security officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls.
Rather like the hacking of our 2016 elections, which the intelligence community informs us is ongoing and is expected to affect the mid-terms this November, our response to this situation seems rather tepid. The sanctions Trump imposed yesterday fell short of those that had been passed by Congress last year. Trump finally joined our allies in stating that Putin was in all likelihood responsible for the chemical attack on a former Russian spy and his daughter in the UK, but it took him two weeks. Will he instruct our intelligence agencies to actively pursue these hackers? Can the agencies act without his blessing? If so, will they? These are questions whose answers are beyond my field of knowledge, but I think they are important for us to ask.
If you haven’t read One Second After by William Forstchen, I highly recommend it. I read it a few years ago, and while I did not write a review, I did write another post in January 2017 that summarized the book and touched on the “what-if” of an enemy effectively shutting down our power grid. While I am not an alarmist, I do recognize there is potential for disaster here. The potential has been there for a while, but I ask you this: Do you actually trust Donald Trump to do everything in his power to stop Russia from interfering in our elections, or even worse, from causing infrastructure disruptions likely to cost millions of lives? I don’t. His promise to “keep America safe” is naught but hot air. It is time he step up to the plate, or else step aside and let somebody else bat.
And on that note, I shall now go to bed and try to sleep.