U.S. Energy Department helping power firms defend against cyber attacks
Reuters) – The US Department of Energy said Friday that it helps companies defend against the piracy campaign that targets utilities at least one US nuclear power plant, saying the attacks do not have any Impact on the production of electricity or the network.
The news of the attacks broke out there a week when Reuters reported that the Department of Homeland Security and the US Federal Bureau of Investigation issued a warning June 28 industrial companies, pirated targeted sectors warning nuclear infrastructure, Electricity and critical infrastructure.
“DOE is working with our government partners and industry to mitigate any impact of a cyber intrusion affecting entities in the energy sector,” a representative of the Energy Ministry said in an e-mail to Reuters.
“At present, there has been no impact on US energy infrastructure control systems. Any potential impact seems to be limited to administrative and business networks.”
It was unclear who was responsible for the cuts. The joint DHS-FBI report did not identify the attackers, but described the courts as “persistent advanced threat,” a term commonly used by US officials, but not always to describe the perpetrators’ attacks.
DOE examined its response to the attacks after Bloomberg News reported Friday that the Kansas nuclear power plant Wolf Creek was one of at least a dozen US utilities raped in the attack, citing aged and ex-US officials who were not named.
A representative of Wolf Creek Nuclear Corp operative declined to say whether the factory was pirated, but said it continued to operate safely.
“There was no operational impact on Wolf Creek, which is because operating systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said by email.
A separate national security newsletter, released on June 28, includes information on the code used in a hacking tool that suggests hackers have attempted to use the password of a Wolf Creek employee accessing the network.
Hageman declined to say whether the hackers had access to the employee’s account. The employee could not be reached for comment.
The June 28 alert, he said, observed pirates using contaminated emails to collect their network access credentials from their targets.
“Historically, cybernetic players strategically targeted the energy sector with different cyber espionage targets disrupting energy systems in the event of a hostile conflict,” the report said.
David Lochbaum, an expert non-profit group of the Union of Nuclear Scientists, said the reactors have some immunity against cyber attacks because their operating systems are separate digital business networks. But over time, it would not be impossible for hackers to potentially harm.
“Perhaps the increased vulnerability of nuclear power plants to hackers could get their information on plant designs and work schedules with which to carry out a physical attack,” Lochbaum said.
The Department of Energy said it had no shared information on this incident with the industry, including the technical aspects of the attack and mitigation suggestions.
“Government security and industry professionals work closely together to share information so that operators of power systems to defend their systems,” said the agency’s representative.
Earlier, the FBI and DHS issued a joint statement stating “There is no indication of a threat to public safety,” since the impact appears to be limited to administrative and business networks.
The Nuclear Regulatory Commission has received no notification of a cyber event that affected critical systems at a nuclear plant, spokesman Scott Burnell said.
A spokesman for the nuclear industry said on Saturday that hackers have never had access to a nuclear power plant.