As I scrolled through Facebook I began seeing posts about ‘Russia in control of our infrastructure’: people reacting to something that most cybersecurity researchers have known about for quite some time. And guess what, we’re not freaking out just yet.
Yesterday, the Department of Homeland Security and the Federal Bureau of Investigation took the unusual step of issuing an alert fingering the Russian government for targeting U.S. critical infrastructure with cyberattacks.
The alert details the Russian government’s actions in the Dragonfly 2.0 campaign revealed last summer, in which hackers infiltrated energy facilities in North America and Europe and escalated their operations, possibly signaling a shift from intelligence gathering to industrial sabotage. DHS and the FBI described a “multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” In other words, the attackers first compromised smaller, less well-defended third parties and used them as a foothold against the energy companies themselves. Once they obtained access, “the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS),” the alert said.
Well, this type of attack isn’t anything new; the real story here is that the U.S. government is choosing to acknowledge it publicly, and in considerable detail. Intrusions like these have been going on for quite some time.
So why aren’t security researchers freaking out? Well, people seem to think that Russia can flip a switch and cripple our power or nuclear infrastructure, or that if we ever went to war with Russia, they could easily shut down our power grids and leave us sitting ducks. This is simply not true, and any journalist who pushes that narrative should be ashamed.
Our nuclear infrastructure, for example, is actually quite well protected. Yes, hackers have penetrated the computer networks of companies that operate nuclear power stations and other energy facilities, but there is no indication that they were able to jump from those victims’ business computers into the control systems of the facilities. The system that actually runs the plant is completely cut off from the administrative and corporate networks, and through them from the outside world.
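The isolation described above, and the lateral movement the alert describes earlier, both reduce to one question a practitioner can actually check rather than assume: does any rule in the firewall between the corporate network and the control network permit traffic to cross? The following Python is an added example, not code from the original post or from DHS/FBI. The zone addresses, the rule syntax and both rule sets are constructed for illustration and do not describe any real plant. It evaluates the policy first-match, probes every corporate and control address range the rules themselves mention, and lists the corporate-to-control flows that get through; the second policy shows the same rules with the stray engineering-access hole closed and the default flipped to deny.

```python
"""Check whether a zone-based firewall policy lets corporate (IT) hosts reach
the plant control (OT) network.  Added example with constructed data; the
addressing, rule syntax and rules are illustrative, not from any real site."""
import ipaddress
from dataclasses import dataclass

# Constructed zone map (assumed addressing for illustration).
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.100.0/24"),
}

# Constructed policy, evaluated top to bottom, first match wins.
# Syntax (invented for this example): "<allow|deny> <src> -> <dst> <port|any>".
WEAK_POLICY = """
allow 10.10.0.0/16   -> 10.20.0.0/24       tcp/443   # corporate users read the DMZ historian
allow 10.20.0.0/24   -> 192.168.100.0/24   tcp/502   # DMZ collector polls PLCs (Modbus/TCP)
allow 10.10.50.0/24  -> 192.168.100.10/32  tcp/3389  # "temporary" RDP from engineering to the HMI
deny  10.10.0.0/16   -> 192.168.100.0/24   any       # corporate must not reach control
allow 0.0.0.0/0      -> 0.0.0.0/0          any       # default permit
"""

# Same policy with the RDP hole removed and the default flipped to deny.
HARDENED_POLICY = """
allow 10.10.0.0/16   -> 10.20.0.0/24       tcp/443
allow 10.20.0.0/24   -> 192.168.100.0/24   tcp/502
deny  10.10.0.0/16   -> 192.168.100.0/24   any
deny  0.0.0.0/0      -> 0.0.0.0/0          any
"""


@dataclass(frozen=True)
class Rule:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: str  # e.g. "tcp/502", or "any"


def parse_policy(text):
    """Parse the constructed rule syntax above into Rule objects, dropping comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, src, arrow, dst, dport = line.split()
        if action not in ("allow", "deny") or arrow != "->":
            raise ValueError(f"bad rule: {raw!r}")
        rules.append(Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport))
    return rules


def evaluate(rules, src, dst, dport):
    """First-match evaluation of one flow; no match means implicit deny."""
    for index, rule in enumerate(rules):
        if src in rule.src and dst in rule.dst and rule.dport in ("any", dport):
            return index, rule.action
    return None, "deny"


def probe_addresses(rules, zone, side):
    """Representative hosts for a zone: its first host plus one address from every
    rule prefix that lies inside the zone, so narrow rules are not missed."""
    probes = {zone.network_address + 1}
    for rule in rules:
        prefix = getattr(rule, side)
        if prefix.subnet_of(zone):
            probes.add(prefix.network_address)
    return sorted(probes)


def exposures(rules, src_zone="corporate", dst_zone="control"):
    """Flows from src_zone to dst_zone that the policy allows, as
    (src, dst, port, index of the rule that let them through).
    "other" stands for any port no rule names explicitly."""
    ports = sorted({r.dport for r in rules if r.dport != "any"} | {"other"})
    found = []
    for src in probe_addresses(rules, ZONES[src_zone], "src"):
        for dst in probe_addresses(rules, ZONES[dst_zone], "dst"):
            for port in ports:
                index, action = evaluate(rules, src, dst, port)
                if action == "allow":
                    found.append((str(src), str(dst), port, index))
    return found


if __name__ == "__main__":
    for name, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        hits = exposures(parse_policy(text))
        print(f"{name}: {len(hits)} corporate->control flow(s) permitted")
        for src, dst, port, index in hits:
            print(f"  {src} -> {dst} {port} (allowed by rule {index})")
```

Run as a script, the weak policy reports exactly one corporate-to-control flow, the RDP rule sitting above the deny, and the hardened policy reports none. The probe set is built from the prefixes the rules themselves mention, which is what catches a narrow allow hidden above a broad deny; it is not a full policy equivalence check, so a path that no rule's prefix touches would still need a probe of its own. The same function answers the DMZ question too: `exposures(rules, "dmz", "control")` shows that the weak policy's default permit lets the DMZ reach the control network on every port, not just Modbus.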