Both the New York Times and Bloomberg reported on Thursday evening that the FBI and the DHS have been scrambling to help several U.S. energy firms and nuclear power plants ward off intrusions into their systems from hackers.
Apparently, several methods are being used, including malware inserted into fake resumes sent to engineers in control of sensitive systems, according to Newser, citing a report seen by the NYT.
A general alert was sent to utilities a week ago, as it became obvious that intruders were searching for vulnerabilities in the electrical grid, leading to the assumption that a planned disruption of the grid was coming. Adding to the concerns, a company that manufactures control systems for the power industry was recently hacked, and the FBI and DHS believe it was related.
However, as Wired points out, we need to take a step back and look at the overall picture. The severity of any breach depends on whether hackers managed to get past the traditional computer systems, “including the far more obscure, less Internet-connected systems that actually manipulate the physical equipment.”
“These were business networks, not computer systems anywhere near the operational systems,” says Robert M. Lee, the founder of the critical infrastructure cybersecurity firm Dragos. “On the one hand, it’s concerning. On the other, it’s really far from anything near the industrial control systems.” Lee says he has “indirect knowledge” of the recent incidents.
According to the report, at least a dozen nuclear facilities have been hit, including the Wolf Creek nuclear power plant in Kansas. Officials at Wolf Creek declined to comment on the incident, although they did say it was their corporate system that was hacked and not the network that runs the nuclear facility.