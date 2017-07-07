The U.S. Department of Energy said on Friday it
is helping U.S. firms defend against a hacking campaign that
targeted power companies including at least one nuclear plant,
saying the attacks have not impacted electricity generation or
the grid.
News of the attacks surfaced a week ago when Reuters
reported that the U.S. Department of Homeland Security and
Federal Bureau of Investigation issued a June 28 alert to
industrial firms, warning them of hacking targeting the nuclear,
power and critical infrastructure sectors.
"DOE is working with our government and industry partners to
mitigate any impact from a cyber intrusion affecting entities in
the energy sector," a Department of Energy representative said
in an email to Reuters. "At this time, there has been no impact
to systems controlling U.S. energy infrastructure. Any potential
impact appears to be limited to administrative and business
networks."
It was not clear who was responsible for the hacks. The
joint report by the DHS and the FBI did not identify the
attackers, though it described the hacks as "an advanced
persistent threat," a term that U.S. officials typically but not
always use to describe attacks by culprits.
The DOE discussed its response to the attacks after
Bloomberg News reported on Friday that the Wolf Creek nuclear
facility in Kansas was among at least a dozen U.S. power firms
breached in the attack, citing current and former U.S. officials
who were not named.
A representative with the Wolf Creek Nuclear Operating Corp
declined to say if the plant was hacked, but said it continued
to operate safely.
"There has been absolutely no operational impact to Wolf
Creek. The reason that is true is because the operational
computer systems are completely separate from the corporate
network," company spokeswoman Jenny Hageman said via email.
A separate Homeland Security technical bulletin issued on
June 28 included details of code used in a hacking tool that
suggest the hackers sought to use the password of a Wolf Creek
employee to access the network.
Hageman declined to say if hackers had gained access to that
employee's account. The employee could not be reached for
comment.
The June 28 alert said that hackers have been observed using
tainted emails to harvest credentials to gain access to networks
of their targets.
"Historically, cyber actors have strategically targeted the
energy sector with various goals ranging from cyber espionage to
the ability to disrupt energy systems in the event of a hostile
conflict," the report said.
David Lochbaum, a nuclear expert at the nonprofit group
Union of Concerned Scientists, said reactors have a certain
amount of immunity from cyber attacks because their operation
systems are separate from digital business networks. But over
time it would not be impossible for hackers to potentially do
harm.
"Perhaps the biggest vulnerability nuclear plants face from
hackers would be their getting information on plant designs and
work schedules with which to conduct a physical attack,"
Lochbaum said.
The DOE said it has shared information about this incident
with industry, including technical details on the attack and
mitigation suggestions.
"Security professionals from government and industry are
working closely to share information so energy system operators
can defend their systems," the agency representative said.
Earlier, the FBI and DHS issued a joint statement saying
"There is no indication of a threat to public safety" because
the impact appears limited to administrative and business
networks.
The Nuclear Regulatory Commission has not received any
notifications of a cyber event that has affected critical
systems at a nuclear plant, said spokesman Scott Burnell.
A nuclear industry spokesman told Reuters last Saturday that
hackers have never gained access to a nuclear plant.
