Cyber Attacks On U.S. Energy Plants Reach "Urgent" Level

The FBI and the Department of Homeland Security have issued a joint report indicating that a recent round of cyber attacks included malicious activity targeting energy-oriented businesses, including nuclear power plants. The one nuclear power business revealed in the report was the Wolf Creek Nuclear Operating Corp., which operates Wolf Creek 1, a Westinghouse Four-loop pressurized water reactor located near Burlington, Kan.

Wolf Creek The two agencies then released a statement that said, “there is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”

Wolf Creek and the Nuclear Energy Institute (NEI) also issued statements that said that operations at the plant – or any plant in the country – had not been compromised. Jeff Keeley of the NEI said no plants had reported any attacks on operational systems, which plants are required to do in the event of an attempted hack that targets infrastructure, operations or services of a power plant.

The New York Times noted, however, that the security report, which they have seen, was listed as “urgent,” which is the second highest level of concern for national security issues. The report also indicated that the cyber attacks bore similarities to tactics used by Energetic Bear, a hacking group identified in 2012 as originating in Russia.

The origin of the recent attacks was not known, however.

There have been various strategies to the cyber malfeasance. While targeting administrative networks, the attacks deploy different strategies, often targeting plant technicians or operators. In one, attackers send employment resumes or other seemingly harmless material, which includes corrupting codes buried inside. When the recipient clicks on the material, the hackers either gain access to other computers in the network or they are able to re-direct all network traffic to go through their – the hacker's – computers before it is channeled to the Internet. That second method is called a Man in the Middle attack, because it puts the hackers in the middle of outside communications.

It is noteworthy that the target of the attacks may appear to be computers, but the real target is often people. While monitoring an operator's online activity, hackers can then corrupt the websites that the operator frequents, at which point future attacks would originate from third-party locations.

Anonymous comments will be moderated. Join for free and post now!