According to a new joint report issued by the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), hackers have been penetrating the computer networks of companies that operate nuclear power stations, energy facilities, and manufacturing plants in the US since May 2017. The joint report carried an urgent amber warning, which is the second-highest rating for the sensitivity of a threat. The report was publicized by the New York Times last week.
According to the report, an “advanced persistent threat” actor was responsible for the attacks, which has included thus far:
- Hackers writing targeted email messages containing fake resumes for control engineering jobs and then sending them to senior industrial control engineers who have access to critical industrial control systems. The resumes were Microsoft Word documents that contained malicious code. Once the recipient clicks on the document, the attackers copy the recipient’s credentials and access the network.
- Hackers compromising websites they know their victims visit (watering hole attack).
- Hackers redirecting the victims’ internet traffic through their own machines (man-in-the-middle attack).
The report does not say whether the cyber intrusions are an attempt at espionage, or part of a plan to cause physical damage. Nor is there any indication as to how many facilities were compromised. The report does state, however, that the hackers appear to be mapping out computer networks for future attacks.
In a joint statement issued by the DHS and FBI, a spokesperson for the DHS said “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.” John Keeley, a spokesperson for the Nuclear Energy Institute (which works with the 99 utilities that operate nuclear plans in the US), said nuclear facilities are required to report cyber attacks that relate to their safety, security and operations. None have reported any cyber attacks thus far.
On May 11, as the attacks were ongoing, President Trump signed an executive order to strengthen the cybersecurity of federal networks and critical infrastructure.
If you or your enterprise is engaged in the energy or manufacturing sectors, cyber threat preparation and monitoring is your first line of defense against bad actors. Dentons’ team of cybersecurity experts can assist you in establishing and implementing an effective and compliant incident response plan and set of programs to monitor internal and external threats, including threat intelligence and access control and vulnerability assessments.
Dentons is the world’s largest law firm, a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner, and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ global Privacy and Cybersecurity Group operates at the intersection of technology and law, and was recently singled out as one of the law firms best at cybersecurity by corporate counsel, according to BTI Consulting Group.