The U.S. electricity grid is a tempting target for nations wanting to cause maximum disruption to the country’s economy or perhaps to inflict damage that is even more sinister. In early September, security software firm Symantec Corp. (NASDAQ: SYMC) reported that a group of Russian hackers gained access to operational networks of “dozens” of U.S. energy companies and could potentially get control over the parts of the U.S. power grid that the companies control.
On Tuesday, another security firm, FireEye Inc. (NASDAQ: FEYE), said that it had “detected and stopped” spear phishing emails sent in late September to U.S. electric companies. The attack was conducted by “known cyber threat actors likely affiliated with the North Korean government.”
While the Russian attack revealed in early September penetrated further than any previous attack, the North Korean foray was characterized as “early-stage reconnaissance and not indicative of an imminent, disruptive cyber attack.”
FireEye’s report on the incident said:
We have not observed suspected North Korean actors using any tool or method specifically designed to compromise or manipulate the industrial control systems (ICS) networks that regulate the supply of power. Furthermore, we have not uncovered evidence that North Korean linked actors have access to any such capability at this time. … FireEye has detected more than 20 cyber threat groups suspected to be sponsored by at least four other nation-states attempting to gain access to targets in the energy sector that could have been used to cause disruptions. The few examples of disruptions to energy sector operations being caused by cyber operations required additional technical and operational steps that these North Korean actors do not appear to have taken nor have shown the ability to take. … Thus far, the suspected North Korean actions are consistent with a desire to demonstrate a deterrent capability rather than a prelude to an unprovoked first-strike in cyberspace; however, North Korea linked actors are bold, have launched multiple cyber attacks designed to demonstrate national strength and resolve, and have little concern for potential discovery and attribution of their operations.
What makes threats against the U.S. electricity grid so potentially damaging is what could happen following a successfully coordinated attack on the grid. The confusion and even chaos that would follow could leave the United States vulnerable to physical attacks by other states or terrorist groups.