The Washington Post, in a story by Julie Eilperin and Adam Entous, reports the discovery of code associated with Russian hacking in the computer systems of one of the two major electric power utilities in Vermont. The code is associated with malware known as “Grizzly Bear”. Other Russian malware has colorful names, like “Pawn Storm”, a maneuver in chess in which the opposing armies are castled on opposite sides of the board (as in the Yugoslav Attack against the Dragon Sicilian).
The journalists confirmed the story with DHS, which would not say which company was involved.
Malware might cause a power station to overload a large transformer connecting it to other utilities, burning it up, creating a very difficult problem for replacement in reasonable time, as Ted Koppel had explained in his Nov. 2015 book “Lights Out”.
On Nov. 5, I reported a Sinclair Broadcasting story about “Black Energy” malware discovered at one or more unspecified utilities in 2012, which was said to be impossible to remove.
As far as the media has reported, no malware has yet caused an outage.
The Vermont infection apparently occurred when an employee opened a link or attachment in a “phishing” email disguised to look like official company workplace business. The email might have purported to come from a vendor or a customer. It is actually more difficult to defend against phishing attacks in the workplace than it is at home for savvy users, who know their own personal operations well enough to suspect phishing emails at sight.
Normally it is very difficult to get to the grid components directly, as they are not supposed to be connected topologically to the public Internet. This sounds like a problem Donald Trump could talk about quickly.
National security experts have cautioned President Obama about his mode of retaliation against Russia for the supposed hack of both parties during the 2016 election, backed up by circumstantial evidence. Vox has good articles by Yochi Dreazen and Timothy B. Lee. I personally don’t think Hillary Clinton lost the electoral vote because of hacking. Comey’s letter (on the emails), Obamacare price hikes, poor campaigning before certain “resentful” parts of the electorate (the Rust Belt), and poor “getting out the vote” among minorities are better explanations for the loss. Ironically, Putin played a “waiting move” with Obama today (by chess analogy) and took no action yet (NBC story). Trump, anyway, won’t be in zugzwang.
I personally visited a nuclear power plant in 1982, at Glen Rose, TX, on a weekend Sierra Club camping trip from Dallas, and have visited the grounds at North Anna, which has limited visitor displays. Ironically, it is near Mineral, VA, where the 2011 earthquake occurred, and in an area with several “intentional” low-tech shared-income rural communities, one of which (Twin Oaks) I toured briefly in 2012.
As the video above claims, the US can also hack into the Russian power grid.
Wikipedia picture of Killington Ski Resort trail, which I visited in February 1973.
(Published: Friday, December 30, 2016 at 9 PM EST)
Update: Dec. 31, early
A newer version of the Washington Post story in print identifies the utility as Burlington Electric, and says that the malware, now called “Grizzly Steppe” was found on a laptop not connected to the grid. No actual outages or hardware damage has occurred. Homeland Security was notified immediately when the malware was discovered. The company has a statement about the incident on its home page now.
The Wall Street Journal weekend edition now has a story online by Jennifer Levitz here. But Rebecca Smith has a story about a ransomware incident (resulting in bitcoin payment) at a Michigan utility (Lansing Board of Water and Light) in April 2016, here. That sounds coincidentally alarming given the problems with the Flint MI water supply (which disproportionately affect low income people and their kids) after gross mismanagement, as covered in the media in 2016. Smith also has a story “Fears over U.S. power grid” Dec. 30, p. B3 in print Saturday, explaining how multiple attacks in Ukraine have happened (one on Dec. 23, 2015), and the penetration of four more electric utilities (and thirteen other companies) in 2014, apparently with similar “Russian” malware.
Wikipedia picture of Burlington, from Lake Champlain wharves, link. I have been there once, as a child.