Russian Cyber Threat Shows Grid Vulnerability

April 14, 2022

You can’t make a terror weapon out of a wind turbine.
A nuclear plant, at least the current generation of nuclear plants, that’s something else.
Above, a very informative and unsettling account of recent (presumably Russian) forays into the cyber infrastructure of the US grid.

An attack on the grid as it exists could be devastating. But with an interlinked series of microgrids that are “islandable” (able to function independently when cut off from the wider grid) and that have local solar or wind production, a country could make itself much more secure against emerging threats, including malicious attack and increasingly extreme weather events.

This is not new.

New York Times, March 15, 2018:

The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

United States officials and private security firms saw the attacks as a signal by Moscow that it could disrupt the West’s critical facilities in the event of a conflict.

They said the strikes accelerated in late 2015, at the same time the Russian interference in the American election was underway. The attackers had compromised some operators in North America and Europe by spring 2017, after President Trump was inaugurated.

In the following months, according to a Department of Homeland Security report issued on Thursday, Russian hackers made their way to machines with access to critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants.

In December, the White House said North Korea had carried out the so-called WannaCry attack that in May paralyzed the British health system and placed ransomware in computers in schools, businesses and homes across the world. Last month, it accused Russia of being behind the NotPetya attack against Ukraine last June, the largest in a series of cyberattacks on Ukraine to date, paralyzing the country’s government agencies and financial systems.

But the penalties have been light. So far, Mr. Trump has said little to nothing about the Russian role in those attacks.

The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.

Forensic analysis suggested that Russian spies were looking for inroads — although it was not clear whether the goal was to conduct espionage or sabotage, or to trigger an explosion of some kind.

In a report made public in October, Symantec noted that a Russian hacking unit “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”

The United States sometimes does the same thing. It bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital “implants” in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out. The operation was code-named “Nitro Zeus,” and its revelation made clear that getting into the critical infrastructure of adversaries is now a standard element of preparing for possible conflict.

The Russians have gone farther.

In an updated warning to utility companies on Thursday, Homeland Security officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls.

A few years ago, I interviewed General Richard Zilmer, formerly commander of US forces in Anbar Province, Iraq – now retired, he spends his time studying energy security and renewables. His points about distributed energy on an upgraded grid are not lost on local officials in wind turbine communities here in Michigan.

National Renewable Energy Lab (NREL):

High winds, a beaming sun, a remote landscape—the National Renewable Energy Laboratory’s (NREL’s) Flatirons Campus might be a familiar environment to military servicemembers. Here at “Fort Renewable,” down a dirt road from the main research campus, military Quonset huts are dispersed among energy assets like solar photovoltaics and battery storage.

Compared to a real military base, the Fort Renewable setup is not so much forward-operating as forward-thinking, with its own critical mission: to design high-renewable systems for secure applications. With unique cyber and physical capabilities, NREL’s microgrid research platform is the scene of large-scale grid demonstrations that are helping the military, microgrid, and energy storage industries transition past technical barriers toward extreme renewable integration.

Microgrids are nothing new to the military, and especially nothing new for NREL–Department of Defense (DOD) collaborations. But as new threats emerge on energy systems—generally cyber and environmental—the DOD is now looking to bolster its backup power with battery storage, in place of a current preference for diesel generators.

“We’ve had military microgrids for 20 years now,” said Brian Miller, a senior NREL researcher and microgrid research lead. “But we didn’t have batteries back then, and very little solar.”

“This project is about learning how critical loads can survive disaster and outage scenarios,” said Martha Symko-Davies, laboratory program manager of the ESIF. “We’re not validating microgrids for the military only; we want to do this for the whole country. Future campuses and microgrid systems will look to this project for examples, and to NREL for microgrid research capabilities that exist nowhere else.”

In this perspective, project teams endure the hardest tests so that future microgrids can better survive worst-case scenarios. NREL validations force difficult decisions that a critical microgrid could encounter, like choosing between multiple critical loads. For participating teams, their early-stage concepts that have scarcely seen commercial applications are up against disasters that any system would hope to never see, but nevertheless must prepare for.

One Response to “Russian Cyber Threat Shows Grid Vulnerability”

  1. rhymeswithgoalie Says:

    Years back I used to assert that any control device that was installed without changing the default password should lead to someone being fired. (Security-wise, it’s even preferred to write down the new password so anyone with physical access can read it, as long as it’s off-camera.)

    Nowadays any cyber-accessible device that isn’t manufactured with unique default passwords (you see them printed on special stickers on home wi-fi, for instance) should not be on an approved vendor or product list.
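One way to turn the two rules in the comment above into a repeatable check, as an added example that is not part of the original post or the comment: an inventory audit that flags devices still running their factory credential, devices running a credential from a common-default wordlist, and product models whose factory default is shared across units rather than unique per device. The inventory records, model names, credentials and field names are constructed for illustration and are not a real asset-management schema.

```python
"""Default-credential audit over a control-device inventory (added example).

Checks implemented:
  1. unchanged_defaults   - configured credential still equals the factory default
  2. known_weak           - configured credential appears in a common-default wordlist
  3. shared_default_models - two or more units of a model shipped with the same default,
                             i.e. the vendor did not issue per-device unique defaults

The INVENTORY records and COMMON_DEFAULTS are constructed for this example.
"""
from collections import defaultdict

# Constructed inventory: one record per installed device.
# "factory_default" is what the vendor shipped; "current" is what is configured now.
INVENTORY = [
    {"id": "plc-01", "model": "AcmePLC-200", "factory_default": "admin", "current": "admin"},
    {"id": "plc-02", "model": "AcmePLC-200", "factory_default": "admin", "current": "Tq8!vL2#"},
    {"id": "rtu-07", "model": "GridRTU-9", "factory_default": "k3F9-ZZ1a", "current": "k3F9-ZZ1a"},
    {"id": "rtu-08", "model": "GridRTU-9", "factory_default": "p7Qx-41Ls", "current": "m2Lk*9Vr"},
    {"id": "hmi-03", "model": "PanelView-X", "factory_default": "1234", "current": "1234"},
]

# Small constructed wordlist of credentials that vendors commonly ship as defaults.
COMMON_DEFAULTS = {"admin", "password", "1234", "12345", "0000", "root"}


def unchanged_defaults(inventory):
    """Ids of devices whose configured credential equals their own factory default."""
    return sorted(d["id"] for d in inventory if d["current"] == d["factory_default"])


def known_weak(inventory):
    """Ids of devices whose configured credential is in the common-default wordlist.

    This catches units whose recorded factory default is wrong or missing but
    that are still running a widely known vendor default.
    """
    return sorted(d["id"] for d in inventory if d["current"] in COMMON_DEFAULTS)


def shared_default_models(inventory):
    """Models where at least two installed units shipped with the same factory default.

    A model with only one unit in the inventory cannot be judged this way and is
    not reported; the vendor's documentation has to answer that case.
    """
    defaults_by_model = defaultdict(set)
    units_by_model = defaultdict(int)
    for d in inventory:
        defaults_by_model[d["model"]].add(d["factory_default"])
        units_by_model[d["model"]] += 1
    return sorted(
        m for m in units_by_model
        if units_by_model[m] >= 2 and len(defaults_by_model[m]) < units_by_model[m]
    )


def audit(inventory):
    """Run all three checks and return the findings as one report dict."""
    return {
        "unchanged_defaults": unchanged_defaults(inventory),
        "known_weak": known_weak(inventory),
        "shared_default_models": shared_default_models(inventory),
    }


if __name__ == "__main__":
    for finding, items in audit(INVENTORY).items():
        print(f"{finding}: {', '.join(items) if items else 'none'}")
```

The plaintext comparison is only for the sake of a self-contained example; a real inventory should not hold device passwords in the clear, so in practice the first two checks would be done by attempting a login with the default credential, or by comparing stored credential hashes against hashes of the default list.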

