On Wednesday, I was quoted in a good article by Robert Walton in Utility Dive, about an FBI bulletin announcing “abnormal scanning” of five electric utilities and 18 other critical infrastructure organizations from Russian IP addresses. Cue the scary music.
My primary reaction to this was, does the FBI think this is news? Since just about every big utility in the country is scanned probably thousands of times an hour (and I’m sure a lot of those scans come from Russia), the fact that five of them are now getting a few extra scans from Russia doesn’t make me want to check my flashlight batteries and lay in a store of MREs for the coming dark days. And given that it would be nearly impossible for the Russians (or anybody else) to cause an outage through a direct attack from the internet, I’m not worried about what would happen, even in the unlikely event that the Russians did break through the firewalls.
But if FBI Director Christopher Wray is worried about the Russians attacking the grid, he might want to go back to something that he and Gina Haspel, then Director of the CIA, said in the Worldwide Threat Assessment briefing to Congress in January 2019: “Russia has the ability to execute cyberattacks in the United States that generate localized, temporary disruptive effects on critical infrastructure — such as disrupting an electrical distribution network for at least a few hours.”
In other words, in 2019, Director Wray implied that the Russians had planted malware in the grid and could cause outages anytime they want to. Yet it seems neither the FBI nor anyone else in the federal government ever investigated these statements, since there were never any reports or briefings (classified or unclassified) to the power sector of any kind (whereas after the first Ukraine grid attack in 2015, there were classified and unclassified briefings across the country, as well as some very good reports).
Which leads me to believe that, if the malware was there in January 2019 (and the former Deputy Director of the NSA told a similar story in May 2019, although with much larger numbers), it’s still there now. Why would the Russians want to knock themselves out trying to break through the firewalls of large utilities, if they can just activate their malware and cause some big outages?
And Director Wray can’t blame the lack of an investigation on his predecessor!
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.