U.S. Energy Department helping power firms defend against cyber attacks

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Jim Finkle, Scott DiSavino and Timothy Gardner

(Reuters) – The U.S. Department of Energy said on Friday it is helping U.S. firms defend against a hacking campaign that targeted power companies including at least one nuclear plant, saying the attacks have not impacted electricity generation or the grid.

News of the attacks surfaced a week ago when Reuters reported that the U.S. Department of Homeland Security and Federal Bureau of Investigation issued a June 28 alert to industrial firms, warning them of hacking targeting the nuclear, power and critical infrastructure sectors.

“DOE is working with our government and industry partners to mitigate any impact from a cyber intrusion affecting entities in the energy sector,” a Department of Energy representative said in an email to Reuters. “At this time, there has been no impact to systems controlling U.S. energy infrastructure. Any potential impact appears to be limited to administrative and business networks.”

It was not clear who was responsible for the hacks. The joint report by the DHS and the FBI did not identify the attackers, though it described the hacks as “an advanced persistent threat,” a term that U.S. officials typically but not always use to describe attacks by culprits.

The DOE discussed its response to the attacks after Bloomberg News reported on Friday that the Wolf Creek nuclear facility in Kansas was among at least a dozen U.S. power firms breached in the attack, citing current and former U.S. officials who were not named.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said via email.

A separate Homeland Security technical bulletin issued on June 28 included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

The June 28 alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

David Lochbaum, a nuclear expert at the nonprofit group Union of Concerned Scientists, said reactors have a certain amount of immunity from cyber attacks because their operation systems are separate from digital business networks. But over time it would not be impossible for hackers to potentially do harm.

“Perhaps the biggest vulnerability nuclear plants face from hackers would be their getting information on plant designs and work schedules with which to conduct a physical attack,” Lochbaum said.

The DOE said it has shared information about this incident with industry, including technical details on the attack and mitigation suggestions.

“Security professionals from government and industry are working closely to share information so energy system operators can defend their systems,” the agency representative said.

Earlier, the FBI and DHS issued a joint statement saying “There is no indication of a threat to public safety” because the impact appears limited to administrative and business networks.

The Nuclear Regulatory Commission has not received any notifications of a cyber event that has affected critical systems at a nuclear plant, said spokesman Scott Burnell.

A nuclear industry spokesman told Reuters last Saturday that hackers have never gained access to a nuclear plant.

(Reporting by Jim Finkle in Toronto, Scott DiSavino in New York and Timothy Gardner in Washington; Additional reporting by Dustin Volz in Washington and Joseph Menn in San Francisco; Editing by Bernard Orr)