
Power firm quashes reports of US grid breached by Russian hackers

A US power utility company confirms that the US power grid was not breached by Russian hackers as reported by some US media

An electrical power company in Burlington, Vermont has quashed reports that the US power grid was breached by Russian cyber attackers.

According to its website, the Burlington Electric Department scanned its systems in response to an alert by the Department of Homeland Security (DHS) about Russian malware dubbed Grizzly Steppe.

The malware has been linked to cyber espionage targeting the Democratic National Committee (DNC), Hillary Clinton’s campaign and other political organisations in an effort to influence the recent US presidential election.

“We detected suspicious internet traffic in a single Burlington Electric Department computer not connected to our organisation’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding,” the company said.

Investigations revealed no indication that either the company’s electric grid or customer information had been compromised.

“Media reports stating that Burlington Electric was hacked or that the electric grid was breached are false,” the company said.

The statement said federal officials have indicated that this specific type of internet traffic has been observed elsewhere in the country and is not unique to Burlington Electric.

“It’s unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country,” the company said.

The Washington Post updated its report, saying: “An earlier version of this story incorrectly said Russian hackers had penetrated the US electric grid. Authorities say there is no indication of that so far.” 

Tension builds between US and Russia

Fears of a breach of the US power grid further heightened tensions between the US and Russia, coming just days after the Obama administration ordered new sanctions and the expulsion of 35 Russians in retaliation for efforts to influence the US presidential election.

According to the Washington Post’s latest report, the “suspicious internet traffic” detected by the Burlington Electric Department refers to an employee’s laptop connecting to an IP address associated by authorities with the Grizzly Steppe hacking operation.

But, as stated by the utility company, traffic with this particular IP address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company was not being targeted by the Russians.

Officials now say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity, the report said.

Investigations of the Burlington Electric laptop revealed software tools found in the Neutrino exploit kit designed to enable cyber attackers to take advantage of vulnerabilities in commonly used software.

The report said the Neutrino tools do not appear to be connected with Grizzly Steppe, but the FBI is investigating how the hacking tools were installed on the laptop.

Terror groups biggest cyber threat to US, says expert

In November 2016, veteran US investigative reporter Ted Koppel told Intel Security’s annual Focus conference in Las Vegas that despite the risk of a cyber attack blackout, the US is unprepared for the consequences.

Author of Lights Out, an investigation into the likelihood of a cyber attack on the US power grid, Koppel said while a cyber attack on the US power grid is likely, preparations for such an event are not up to scratch.

“This is a new kind of warfare, and the problem of escalation can happen very quickly and can get out of control very quickly,” he said.

“If ever there was a subject in an intelligent democracy that needs public discussion, where we need to raise public awareness, I think this is it.”

However, Koppel believes the threat to the US power grid is not likely to come from the Russians or Chinese because they are vulnerable to similar attacks. The real threat, he believes, is from terror organisations that have nothing to lose by unleashing such attacks.
