Three months after a Department of Homeland Security intelligence report downplayed the threat of a cyber attack against the U.S. electrical grid, DHS and the FBI began a nationwide program warning of the dangers faced by U.S. utilities from damaging cyber attacks like the recent hacking against Ukraine’s power grid.
The nationwide campaign by DHS and the FBI began March 31 and includes 12 briefings and online webinars for electrical power infrastructure companies and others involved in security, with sessions in eight U.S. cities, including a session next week in Washington.
The unclassified briefings are titled “Ukraine Cyber Attack: Implications for U.S. Stakeholders,” and are based on work with the Ukrainian government in the aftermath of the Dec. 23 cyber attack against the Ukrainian power infrastructure.
“These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack,” the announcement by the DHS Industrial Control Systems Cyber Emergency Response Team read.
“The attacks leveraged commonly available tools and tactics against the control systems which could be used against infrastructure in every sector.”
The briefings will outline the details of the attacks, the techniques used by the hackers, and strategies to be used to limit risks and improve cyber security for grid organizations.
Security researchers have concluded the attack was carried out by Russian government hackers based on the type of malicious software, called BlackEnergy, that was detected in the incident.
The threat briefings followed an internal DHS intelligence report published in January that stated the risk of a cyber attack against U.S. electrical infrastructure was low.
“We assess the threat of a damaging or disruptive cyber attack against the U.S energy sector is low,” the report, labeled “for official use only,” says.
The report said advanced cyber attackers, such as nation states like Russia and China, are mainly seeking to conduct “cyber espionage.”
Penetration by foreign hackers into industrial control systems used to remotely control the electrical power grids as well as water and other infrastructure “probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States,” the eight-page report states.
The majority of malicious cyber attacks against energy companies was downplayed as “low-level cybercrime that is likely opportunistic in nature rather than specifically aimed at the sector, [and] is financially or ideologically motivated, and is not meant to be destructive.”
The report also sought to dismiss public references to “cyber-attacks” as exaggeration. “Overuse of the term ‘cyber attack,’ risks ‘alarm
“Overuse of the term ‘cyber attack,’ risks ‘alarm fatigue,’ which could lead to longer response times or to missing important incidents,” the report said.
The report raises questions about whether DHS, which has primary responsibility for protecting U.S. government computer networks and works with the private sector to prevent cyber attacks, understands the infrastructure cyber threat and is seeking to downplay the threat for political reasons.
The Obama administration has adopted an approach that seeks to play down foreign national security threats under conciliatory foreign policies pursuing warmer relations with states such as Russia, China, and Iran.
The DHS report, however, contrasts sharply with recent statements by Adm. Mike Rogers, commander of the Cyber Command, who warned recently that a major cyber attack by nation-states against critical infrastructures poses a major security threat.
“It is only a matter of the ‘when,’ not the ‘if’—we’re going to see a nation-state, group, or actor engage in destructive behavior against critical infrastructure in the United States,” Rogers, who is also director of the National Security Agency, said in a speech March 2.
Rogers described the Ukraine cyber attacks as “a well-crafted attack” that temporarily disrupted electrical power in Ukraine.
- Hijab-Wearing Woman Becomes New Hair Model for L’Oreal. We Aren’t Joking. [Watch]
- Watch: Security Footage Captures Dramatic Shoot-Out Between Cops and Armed Robbers
- Melania Trump Cuts Pork from First Lady Payroll After Michelle Obama’s Extensive Spending
- Report: DHS to File Criminal Charges Against Sanctuary City Politicians
- Newsweek: ‘Hillary Clinton could still become president if Russia probe finds conspiracy evidence’
- Watch: Al Sharpton’s Epic Fails When Reading Teleprompter Will Have You Rolling With Laughter, ‘The Thigh (Thai) Militarty’
- Psychologist Answers Journalist’s Question ‘Why should your right to freedom of speech trump a trans person’s right not to be offended?’ — Leaves Her Speechless [Watch]
- New Details: Thirteen Children Living in ‘House of Horrors’ Were Only Allowed to Shower Twice a Year, Among Other Cruel Treatment
- ICE to Crack Down on California the Sanctuary State
- Actors Blame Trump for Hawaii False Alarm — Jim Carrey “We are headed for suffering beyond all imagination.”
- Allah Adios: Muslim Migrants Finally Get Deported from US Under Trump Admin
- Insane! Man Faces Jail Time for ‘Disturbing’ Manatees by Throwing Bucket of…
- Sessions Has HARSH Message for ‘Dreamers’ — Will Send Them CRYING Back to Mexico
- Rand Paul: Donald Trump was ‘Large Financial Backer’ of Haiti Mission Trips When he Was Private Citizen [Watch]
- Watch: Chelsea Manning is Running for Senate and the Campaign Ad Will Make You Cry with Laughter
- Parents Shackled Thirteen Children to Bed — Starving Them and Forcing to Recite the Bible