Trump’s Meet with Putin, Xi Rekindles Concerns re Power and Energy Cyberthreats
President Donald J. Trump’s visit to Europe with his family, and his meeting with Russian President Vladimir Putin at this year’s G20 conference, are once again raising questions about, and turning up the heat on, the president and his closest advisers regarding their dealings with Russians during his election campaign, as well as his administration’s stance on international trade and his decision to withdraw the US from the UN Paris Climate Accord.
Decentralization, digitization and “decarbonization” of power and energy nonetheless continue apace, both in the US and worldwide, the Trump administration’s policy platform and actions taken to date notwithstanding. Hard evidence of the returns, advantages and benefits continues to accumulate, from reduced power and energy costs and reductions in greenhouse gas emissions, pollution and environmental degradation to “green” tech innovation, job creation and local and national economic stimulus. That said, significant obstacles and challenges stand in the way of the distributed “green” energy transition, the vulnerability of network-connected power grids, generation and storage assets to cyberattacks prominent among them.
“Not only the Russians, but also the Chinese and other actors are consistently targeting our energy sector. Russia has parasitically woven itself throughout our grid and typically uses these positions for surveillance purposes, while China does this to steal IP (intellectual property) and technology for replication in China as demanded by their 13th Five-Year plan to become less dependent on Western tech,” according to James Scott, senior fellow at ICIT, the Institute for Critical Infrastructure Technology.
Cold War redux in cyberspace
“Recently there’s been a lot of talk about the ‘Russians’ attacking America’s energy grid, but few details have been disclosed as to how these revelations have been discovered. Now, more than ever, it is critical to understand the true threats that exist while simultaneously being cautious not to perpetuate the ‘It’s the Russians!’ Cold War rhetoric,” Scott explained.
In a bid to do just that, ICIT in August 2016 published “The Energy Sector Hacker Report: Profiling the Hackers Groups that Threaten Our Nation’s Energy Sector.” In it, ICIT says it brings the actual facts to light and “eliminates the fiction as to the actual vulnerabilities, exploits, the actors operating in this space.” Among the key topical areas covered are:
- The Incidents that have Shaped Energy Sector Discussions
- A Breakdown of the Major Components of our Energy Grid
- The Expanding Threat Landscape
- The Threats to the Energy Sector
- Energy Sector Threat Actors
“Among our Nation’s critical infrastructures, the Energy Sector is a primary target for exploitation by nation state and mercenary APTs, hacktivists, cyber jihadists and other hacker teams. General, broad stroke conversations on the softball topic of ‘resiliency’ are being had in micro bureaucracies throughout the industry with little attempt being made to dissect the threat actors or the toolkits being used to exploit the seemingly endless layers vulnerable to attack,” the report authors caution in the report’s introduction.
They proceed to quote the Honorable Deborah Lee Jackson of the United States Air Force regarding the US power and energy sector’s cybersecurity posture. “We are in the most complex, uncertain, and rapidly changing threat environment…We never seem to correctly predict what happens next.”
Fortunately, when it comes to power grid cyberthreats and cyberattacks, “nothing really of note has transpired in 2017 that could compare to the 2003 Northeastern Blackout or Stuxnet in 2010,” Scott said. That shouldn’t lull the industry and the powers that be into a false sense of security, however, Scott, ICIT and energy security experts caution.
“Within energy organizations, leadership changes and priorities shift, but the need for resiliency outlasts. Threats to the sector are relentless and are increasing as systems become more interconnected and accessible,” Jackson wrote. “At a time when cyber and physical security are most vital to combat the plague of adversaries waging war on Western Nations, it is critical to analyze the most complete picture of domestic and foreign threats.”
Furthermore, “organizations cannot thoroughly defend themselves against the evolving stealth and technical sophistication of this expansive threat landscape until actor profiles, vectors of attack, bad actor techniques and exploit evolution are injected into the energy sector resiliency conversation,” ICIT points out. “Industry threats and capabilities will continuously change and evolve and this report is meant to offer nothing more than a starting point for the content that the energy sector resiliency conversation is lacking.”
Scott added that ICIT experts are regularly asked to brief US Dept. of Energy (DOE) officials and staff on these issues. “When I go in there, the entire room is typically packed. They are aggressively taking this problem on while simultaneously refraining from regulations that could stifle innovation. I think that they are doing what they can.”
In addition, ICIT experts briefed the North American Electricity Reliability Corporation’s (NERC) Electricity Information and Analysis Sharing Center (E-ISAC) a few weeks ago. “They are also taking this new threat landscape very seriously,” Scott said.
A grid-IoT labyrinth
For its part, ICIT is more concerned about the vulnerability of small and medium-sized power and energy utilities and service providers to cyberthreats and cyberattacks than about their large counterparts, which have more resources and capacity to dedicate to cybersecurity and, generally speaking, are more cognizant of and current on these issues.
According to Scott: “Small and medium size organizations are typically the ones who have ‘Frankensteined’ IoT [Internet of Things] microcosms that are a labyrinth of modern and legacy systems pulsating with vulnerabilities waiting to be exploited. These are the organizations that Russia and China target most often.”
Compounding the challenge, it’s very difficult, not to mention time- and resource-intensive and costly, to trace a cyberattack to its origin and identify the perpetrators with a high degree of confidence. As Scott explained: “It's so easy to obfuscate digital footprints and leapfrog an attack in a way where the actor can mimic other APT hacking methods.
“The Russians try to mimic the smash-and-grab hacking style of the Chinese while simultaneously leapfrogging from various compromised computers at the Chinese PLA [People’s Liberation Army], and the Chinese do the same with Russian hacking style. Then sophisticated cybercriminal gangs and mercenaries for hire do the same.”