Hackers likely linked to the North Korean government targeted a U.S. electricity company late last month, according to a security firm that says it detected and stopped the attacks.
John Hultquist, director of intelligence analysis for FireEye, said Wednesday that phishing emails were sent on Sept. 22 to executives at the energy company, which he declined to identify. The attacks didn’t threaten critical infrastructure.
It’s the latest evidence of cyberespionage from various government-backed hackers targeting U.S. energy utilities, though experts say such attacks are often more about creating a psychological effect.
COULD IT HAPPEN HERE?
Concerns about hackers causing blackouts have grown since cyberattacks in Ukraine temporarily crippled its power grid in 2015 and 2016.
But a “zombie apocalypse” scenario is unlikely in the United States, said Joe Slowik of Fulton, Maryland-based security firm Dragos, which has researched the attacks on the Ukrainian grid.
“As a realistic scenario, it’s very faint,” he said. But, Slowik said, “somebody who is motivated and lucky enough” could cause significant harm.
It’s easier to hack into emails and a front-end computer system than tap into industrial controls. That’s why, in theory, most energy companies isolate their regular workplace networks from high-security control rooms.
The nuclear power industry, for good reason, is considered to be the best at such security practices. But some smaller and locally focused electricity providers fall short in creating an impenetrable wall around industrial controls, often referred to as an air gap.
“There’s always some sort of a bridge, whether it’s a human being in their sneakers, or a wireless connection,” said Michael Daly, the chief technology officer for cybersecurity and missions at defense contractor Raytheon, based in Waltham, Massachusetts. “There’s no such thing as a totally air-gapped system.”
One thing protecting the U.S. electricity grid from a large-scale outage is that it’s segmented by region. Another thing is military might: Nation-state actors know that crossing the line from routine, long-term surveillance to a true attack on the grid could merit a powerful response.
Neither of those means those protecting critical infrastructure are doing enough.
“There are many reasons to target smart grids,” said Daly. “Nation-states can learn a lot by watching power usage.”
Or they could lie in wait, he said, with the aim of one day pulling the trigger and targeting a grid’s customers by slowing down power or cutting it off completely.
The latest attempted intrusion spotted by Milpitas, California-based FireEye was notable for its boldness, said Hultquist: The malefactors didn’t seem worried about being discovered.
That’s a sign that even if foreign governments aren’t yet interested in, or capable of, turning out the lights in New York or Los Angeles, they might at least want to signal that they’re thinking about it. Or they might be laying contingency plans to cause disruption in case of conflict.