Hackers have been targeting computer networks of companies managing nuclear power plants across the United States since May, according to a report from the Department of Homeland Security and the FBI obtained by the New York Times. But, supposedly, everything should be OK?
Anyway, one of those facilities is a nuclear power plant run by Wolf Creek Nuclear Operating Corporation, located near Burlington, Kan., according to the joint report that the Times obtained. The report did not state whether the hackers were trying to cause destruction or steal state secrets, and it was also unclear how many facilities were hit or whether the hackers were able to move from compromised computers to the control systems of the facilities.
But the FBI and Department of Homeland Security said there is no threat to public safety, because “any potential impact appears to be limited to administrative and business networks.”
It is not known who may have carried out the hacks, but the report described the actor as an “advanced persistent threat.” In such an attack, the goal is to enter the network and leave as quickly as possible to avoid detection. Gaining access in the future is also an aim, in addition to stealing credentials and creating backdoors.
Here are more details on the hacks:
The hackers appeared determined to map out computer networks for future attacks, the report concluded. But investigators have not been able to analyze the malicious “payload” of the hackers’ code, which would offer more detail into what they were after.
John Keeley, a spokesman for the Nuclear Energy Institute, which works with all 99 electric utilities that operate nuclear plants in the United States, said nuclear facilities are required to report cyberattacks that relate to their “safety, security and operations.” None have reported that the security of their operations was affected by the latest attacks, Mr. Keeley said.
In most cases, the attacks targeted people — industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks who could not be named because of confidentiality agreements.
Thing is, we genuinely shouldn’t panic, maybe, hopefully. As WIRED explains, there is a big difference between gaining access to company business computers and being able to control the actual equipment inside of a nuclear power plant—an intrusion versus a malicious attack.
We don’t know if the hackers accessed actual control system networks, either.
Robert M. Lee, the founder of critical infrastructure cybersecurity firm Dragos, told WIRED that these latest attacks are not the same as those that shut down Ukraine’s power grids. Moreover, nuclear disaster by hacking should not be overblown:
Based on years of security assessments of critical infrastructure utilities, he admits that the notion of an “air gap”—a separation between sensitive systems and internet-connected ones—is often illusory. In nuclear plants, by contrast, he says that disconnection is far stricter. “In nuclear environments, they have an air gap,” says Lee. That means that to jump from the corporate network, which these hackers reportedly probed, to the critical control systems would be far more difficult than in other industrial facilities.
Yes, we should be concerned that someone is accessing computer networks at companies that run nuclear power plants, but that is not the same as controlling a physical nuclear structure.
Though that’s probably coming eventually.