Warnings about a massive cyberattack aren't new – intelligence officials have raised red flags for years

Key Points
  • According to a former top DHS cybersecurity official, the fact that Russians successfully accessed "hundreds" of utilities in the U.S. represents a possible change of tactics, from targeted attacks to a "blanket strategy."
  • The announcement comes on the heels of predictions by Director of National Intelligence Dan Coats of an impending "cyber 9/11."
  • Coats joins a long line of current and former government officials who have predicted a near-term, devastating cyberattack dating back to the 1990s.

In this image from video provided by the Aspen Security Forum, National Intelligence Director Dan Coats speaks at the Forum in Aspen, Colo., on Thursday, July 19, 2018. (Aspen Security Forum via AP)

Department of Homeland Security officials confirmed a story, first reported by The Wall Street Journal, that nation-state hackers were suspected of breaking into the computer systems that run “hundreds” of U.S. utilities.

DHS spokesperson Lesley Fulop said the statements cited by the Journal were taken from an agency webinar hosted July 23. "As we say in the webinar, this activity took place last summer," she said in an email.

Fulop said attackers were able to access a "very small" asset that "would not have had any impact on the larger grid if taken offline." She said government agencies investigated the activity, and worked closely with private sector companies to "learn additional information ... helpful to industry in defending against this threat."

The revelations come on the heels of predictions by Director of National Intelligence Dan Coats of an impending cyberattack on par with the Sept. 11 terrorist attacks. Coats, who oversees the National Security Agency and Central Intelligence Agency, among other departments, said Russia was more aggressive, but Iran had also poised on U.S. infrastructure, and China also posed a continued cyberthreat.

U.S. officials have been raising alarms about nation-state interference and intrusions on U.S. infrastructure, especially from Russia, in recent weeks.

But this is far from the first warning from government officials about a significant upcoming cyber-event, nor the first time nation-states have made robust, successful efforts to penetrate public sector computers.

'Digital Pearl Harbor'

In one early case, in 1986, hackers from Soviet-controlled East Germany penetrated computer networks at the University of California at Berkeley. They sought confidential materials from the Lawrence Berkeley National Laboratory, which conducts defense industrial work including for the Department of Energy.

A popular book about the attack decried the lack of cooperation between university researchers and the government, including the FBI, CIA and NSA – a familiar storyline that still plays out today, including during the 2016 attacks against the Democratic National Committee.

In 1991, cybersecurity expert Winn Schwartau used the term “Cyber Pearl Harbor” in congressional testimony. Schwartau described a devastating attack that would wreak havoc on society at large.

In 1999, the Department of Defense traced attacks against infrastructure at Kelly Air Force Base in San Antonio to Russia, a strike aimed at capturing classified information. CNN quoted former Pennsylvania Rep. Curt Weldon at the time as saying: “There is an attack under way. You can basically say we are at war.”

In 2002, research company Gartner, the U.S. Naval War College and a collection of security experts authored a case study called “Digital Pearl Harbor,” in which they played out several possible attacks on U.S. infrastructure. According to analysis from the event, 79 percent of those who participated “said that a strategic cyberattack is likely within the next two years.”

In 2008, the House Energy and Commerce Committee held a hearing on “cybersecurity threats to the electric grid.” It heard experts testify that “bulk power” suppliers had not been the only targets of nation-states; smaller suppliers and vendors had been targeted as well.

In 2012, Defense Secretary Leon Panetta gave a speech predicting a cyberattack that could be as destructive as 9/11: “Such a destructive cyber terrorist attack could paralyze the nation,” he said at the time. In 2013, Homeland Security Secretary Janet Napolitano also said she believed a “cyber 9/11” could happen imminently.

What is different now, and what can be done

DHS' warnings differ from past ones in the scale of the purported intrusions, said Robert Silvers, who most recently led cybersecurity policy at DHS and is a cybersecurity partner at the law firm Paul Hastings.

“They disclosed that it was hundreds of utilities, which would indicate something beyond experimentation, beyond anything that is super targeted, and instead like a blanket strategy,” Silvers said.

While alarming, Silvers said the revelations “were not shocking,” and indicated private sector utility companies needed to do more to secure themselves in order to protect national infrastructure.

The latest reported attacks also differ because nation-states and individuals have "much greater access to cyberweapons" than before, according to French Caldwell, a cybersecurity researcher formerly with the U.S. Navy and Brookings Institute who co-authored the Digital Pearl Harbor study in 2002.

The DHS findings also point to greater connectivity between utility business operations and the industrial controls that run these companies, he said. That is a change from the past, when these companies strictly separated industrial controls from offices that handle business functions like payroll and customer service, he said.
