According to a new joint report issued by the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), hackers have been penetrating the computer networks of companies that operate nuclear power stations, energy facilities, and manufacturing plants in the US since May 2017. The joint report carried an urgent amber warning, which is the second-highest rating for the sensitivity of a threat. The report was publicized by the New York Times last week.
According to the report, an "advanced persistent threat" actor was responsible for the attacks, which has included thus far:
- Hackers writing targeted email messages containing fake resumes for control engineering jobs and then sending them to senior industrial control engineers who have access to critical industrial control systems. The resumes were Microsoft Word documents that contained malicious code. Once the recipient clicks on the document, the attackers copy the recipient's credentials and access the network.
- Hackers compromising websites they know their victims visit (watering hole attack).
- Hackers redirecting the victims' internet traffic through their own machines (man-in-the-middle attack).
The report does not say whether the cyber intrusions are an attempt at espionage, or part of a plan to cause physical damage. Nor is there any indication as to how many facilities were compromised. The report does state, however, that the hackers appear to be mapping out computer networks for future attacks.
In a joint statement issued by the DHS and FBI, a spokesperson for the DHS said "There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks." John Keeley, a spokesperson for the Nuclear Energy Institute (which works with the 99 utilities that operate nuclear plans in the US), said nuclear facilities are required to report cyber attacks that relate to their safety, security and operations. None have reported any cyber attacks thus far.
On May 11, as the attacks were ongoing, President Trump signed an executive order to strengthen the cybersecurity of federal networks and critical infrastructure.
If you or your enterprise is engaged in the energy or manufacturing sectors, cyber threat preparation and monitoring is your first line of defense against bad actors. Dentons' team of cybersecurity experts can assist you in establishing and implementing an effective and compliant incident response plan and set of programs to monitor internal and external threats, including threat intelligence and access control and vulnerability assessments.
For more information, visit our Privacy and Cybersecurity blog at www.privacyandcybersecuritylaw.com
About Dentons
Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. Specific Questions relating to this article should be addressed directly to the author.
