A hot potato: Cyber threats to industrial infrastructure should be taken seriously, says Robert M. Lee, CEO of cybersecurity firm Dragos, but some publications are using "choice words" that mislead and hype up the issue.
Russian hackers working for a shadowy state-sponsored group previously identified as Energetic Bear or Dragonfly infiltrated the control rooms of US electric utilities last year as part of a long-running and dangerous campaign that claimed “hundreds of victims,” according to a recent report from The Wall Street Journal.
Officials with the Department of Homeland Security said the hackers broke into supposedly “air-gapped” networks by first penetrating the networks of key vendors that had trusted relationships with utility companies.
Jonathan Homer, chief of industrial-control-system analysis for DHS, said it got to a point where the hackers could have disrupted power flows.
Monday’s briefing was the first time that DHS officials have provided this level of detail to the public. While the department didn’t call out victims by name, it did confirm that there were hundreds of victims, not just a few dozen as had previously been reported.
Then there’s the almost mocking note that supposedly these networks were supposed to be air gapped; except no one serious in the discussion considers control centers for electric grid functionality air gapped. It’s subtle but positions that this is a shock but it’s not. — Robert M. Lee (@RobertMLee), July 24, 2018
Robert M. Lee, founder and CEO of cybersecurity firm Dragos, points out on Twitter that while warnings of threats are extremely important as they are becoming much more frequent, some of the language used in articles like those from The Wall Street Journal is not helpful and can be misleading.
Lee noted last September that “our adversaries are at the starting point of their journey to cause significant disruption to our power grid, not the finish line.”
Lee isn't wrong. The truth is, hardly any of us are familiar with the complexities of the US electric grid and the level of progress that hackers may or may not have achieved.