
Feds Suspect Russians Behind Cyber-Attacks on Power Plants

Russia is suspected to be behind recent hacker intrusions at American power plants, including at least one nuclear facility, two U.S. officials told NBC News.

Investigators cannot definitively pin the new probing attacks, which did not affect plant controls, on Moscow. They haven't ruled out the possibility some other country's hackers, mimicking the Russians, are responsible for the breaches, the officials said.

Details of the information-collecting offensive, which began in May, were outlined in a joint bulletin by the Department of Homeland Security and the FBI. The two agencies confirmed in a statement that they had raised a red flag for the energy industry.


"There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks," the statement said.

A dozen plants were targeted, including the Wolf Creek Nuclear Operating Corporation, which runs a generating station in Burlington, Kansas.

Senior intelligence and nuclear regulatory officials noted that the overwhelming majority of U.S. reactors operate on analog, not digital systems, making them less vulnerable to hacking attacks.

"At most, the hackers might have been able to get the schedule for employee overtime," one official said of the Wolf Creek incident.

The hackers used several different techniques to compromise plant computers, including emailing fake resumes that contained malicious code to senior engineers.

Image: Wolf Creek Nuclear Power Plant. The Wolf Creek Nuclear Operating Corporation was targeted by the hackers. (Eric Benjamin / Courtesy Wolf Creek Nuclear Operating Corporation)


"There has been absolutely no operational impact to Wolf Creek," the plant, which supplies electricity for three utilities in Kansas and Missouri, said in a statement.

"The reason that is true is because the operational computer systems are completely separate from the corporate network. The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet.

"The plant continues to operate safely."

Juan Zarate, an NBC News national security analyst, said that even though the intrusions were aimed at administrative systems, they send a message to the U.S.: "Back off, because we have the ability to strike you in the heart of your core systems, your networks that matter to your economy and your lifestyle."

Last month, a group of 19 U.S. senators wrote a letter to President Donald Trump urging him to take concrete action to protect power systems from cyber-attacks.

"The Russians and other foreign actors have the capability, and potentially the intent, to cause significant damage to our economy by attacking our critical energy infrastructure, including our electrical grid," they wrote.

They asked that Trump direct the Energy Department to conduct a "thorough analysis" of Russian capabilities to threaten the energy sector and determine the extent to which the Russians have already tried to break in.

In May, Trump signed an executive order directing federal agencies to come up with a cyber-attack defense plan within 90 days.