CISA issued a bulletin last week (see below) about Russian capabilities to attack the US energy sector. I have been warning about this danger since 2016, when I read Ted Koppel’s book Lights Out. The timeframe of the current alert (2011 to 2018) coincides with the Obama/Biden Administration, interestingly enough. Not the Trump administration though (huh). Now Biden is back in command. This does not bode well for the US and its NATO allies. The Russians have practiced this cyberwar tactic twice in the Ukraine in 2015 and 2016, which is explored in Andy Greenberg’s book Sandworm.
In light of the continuing kinetic war between Russia and the Ukraine, including the takeover of key nuclear power electric generation facilities in Ukraine, this is something that we should be, and apparently ARE, worried about. One has to assume this capability exists against the European and NATO nations as well.
My questions are:
- Can Russia turn off the US electric grid? Even parts of it?
- Can US Cyber Command stop the Russians? We’ve had 7 years to prepare. Are we?
- Can the US Cyber Command turn out the lights in Russia?
Russia has supposedly developed ways to isolate its networks from the global Internet, and this would limit our ability to respond in kind. Current US sanctions which have reduced their Internet access also would limit our abilities to attack. This is all making me very nervous.
This is what CISA has to say about it:
State-Sponsored Russian Cyber Actors Targeted Energy Sector from 2011 to 2018
Original release date: March 24, 2022
CISA, the Federal Bureau of Investigation, and the Department of Energy have released a joint Cybersecurity Advisory (CSA) detailing campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted U.S. and international Energy Sector organizations. The CSA highlights historical tactics, techniques, and procedures as well as mitigations Energy Sector organizations can take now to protect their networks.
CISA encourages all critical infrastructure organizations to review joint CSA: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector and apply the recommendations. For more information on Russian state-sponsored malicious cyber activity, see CISA’s Russia Cyber Threat Overview and Advisories page.
If you are working in the US Energy Sector, this is information you should already know. I am reasonably confident that the largest electric utilities are prepared, or think they are prepared, to defend against this type of cyber-attack. But there are over 3000 rural electric cooperatives that may NOT be fully prepared. The destruction of even small portions of the US electric grid could have dire effects on the remaining utilities. And there are over 30,000 municipal water systems that use technologies similar to the energy sector.
Here are other articles I have written on this subject:
Search Results for “lights out” on Wyzguys Cybersecurity
- Russian Cyber-War Attacks Against the Ukraine – It Begins
This was inevitable considering the weak response from the US and our NATO allies in Europe. How soon will the ground war start? How will the West respond? If you think this is NOT our war, please remember the last time the Russians attacked the Ukraine with the NotPetya attack. This affected…
- Dragonfly Wants To Punch Our Lights Out? Round One
Somebody wants to punch our lights out – literally turn off the electric power grid. Who would want to do this? Who has the capability? Is it the Russians, who have already demonstrated this attack two years ago in the Ukraine? Or the North Koreans, who have both motive and the cyber arm…
- Dragonfly Wants To Punch Our Lights Out? Round Two
Somebody wants to punch our lights out – literally turn off the electric power grid. Who would want to do this? Russia? North Korea? Cybersecurity firm Symantec has attributed this attack to a group they have identified as the Dragonfly Group, who may have been responsible for the attack…
- Dragonfly Wants To Punch Our Lights Out? Round Three
Is the U.S. energy sector under attack? The ambitious and sophisticated exploits like this one are usually the work of a nation-state. Who wants to turn off the lights? Last Wednesday we took a look at the US-CERT alert warning about the ongoing cyber-attack against the U.S. electric grid, and o…
- Dragonfly Wants To Punch Our Lights Out? Round Four
Over the last four posts, we have focused on the US-CERT alert, but cybersecurity firm Symantec has actually been working this case since 2011. Their report on Dragonfly can be found on their website. While they are cautious when providing attribution, reading between the lines indicates that Dra…
- What Happens If The Lights Go Out?
I attended the (ISC)2 Security Congress in September, and one of the featured speakers was well known television journalist Ted Koppel. He gave a presentation about his new book Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. You are probably wondering, as I was, what…
- “Sandworm” Is The True Story About Russian Cyberwarfare
Last month I read the book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers, by Andy Greenberg, senior writer for Wired magazine. If you want to understand how cyber-war has changed the face of military operations in the 21st century, this book explains…
- Zero Days – Documentary About Cyber War
We have written about Stuxnet a couple of times. (Here and here) My fascination with this incredible piece of malware writing is that it represents the first documented case of cyber war between nation-states. As we now know, Iran, specifically the nuclear facility at Natanz, was attacked by t…
- Russia Creates A National Internet
Back on March 1, 2019, I reported that Russia was planning to disconnect itself from the Internet. On November 1, 2019, the Russian Federation decreed that all Russian ISPs are required to route Internet traffic through special gateway routers run by Russian communications regulator Roskomnadzor. Th…
- Russia Disconnecting From The Internet?
Russia has announced plans to temporarily “disconnect” itself from the global Internet. What does this mean for Russia, its citizens, and the rest of the world that is connected to the World Wide Web? Russia is not the first country to disconnect the Internet. In January the government…
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com