Regional and local electric utilities say they have found no evidence that a recent wave of cyberattacks infiltrated any of their power plants and computer networks.
Hackers working for a foreign government recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former U.S. officials, sparking concerns that the attackers were searching for vulnerabilities in the electrical grid.
An official at the Nebraska Public Power District said the utility’s Cooper Nuclear Station outside of Brownville, Nebraska, was not targeted; the facility is located about 170 miles north of the Wolf Creek plant and is the only other operating nuclear plant in the regional grid.
Cooper spokesman Drew Niehaus told The Omaha World-Herald that “nothing to my knowledge” indicates that the plant was involved in what industry and government officials have acknowledged as a wide-ranging attack on critical infrastructure.
Officials at Des Moines-based Mid-American Energy and Omaha Public Power District stated that their facilities and networks were not breached in the attacks.
The still-unidentified attackers could be positioning themselves to eventually disrupt the nation’s power supply, warned the U.S. officials, who noted that a general alert was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.
The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to Wolf Creek — an aging nuclear generating facility owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. — on a lake shore near Burlington in east-central Kansas.
The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers previously have taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies.
The hacks come as international tensions have flared over U.S. intelligence agencies’ reports that Russia tried to influence the 2016 presidential election. The United States, which has several continuing investigations into Russia’s activities, is known to possess digital weapons capable of disrupting the electricity grids of rival nations.
“We don’t pay attention to such anonymous fakes,” Kremlin spokesman Dmitry Peskov said in response to a request to comment on alleged Russian involvement.
The Department of Homeland Security and FBI said they are aware of a potential intrusion in the energy sector. The alert issued to utilities cited activities by hackers since May.
“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the government agencies said in a joint statement.
Nor is there any indication that closed nuclear plants — such as Omaha Public Power District’s Fort Calhoun facility, which is about 10 miles from Missouri Valley — were targeted, said Bill Gross, a cybersecurity expert at the Nuclear Energy Institute, a global trade group representing nuclear plant operators. OPPD closed the plant 20 miles north of Omaha in October 2016 and removed all the nuclear fuel from its reactor in early November 2016.
“They’ve been given situational awareness on the details of this broad campaign,” Gross told The World-Herald. “At this time, I don’t have any information that would indicate there has been any targeting of decommissioned sites.”
The Department of Energy also said the impact appears limited to administrative and business networks and said it was working with utilities and grid operators to enhance security and resilience.
“Regardless of whether malicious actors attempt to exploit business networks or operational systems, we take any reports of malicious cyber activity potentially targeting our nation’s energy infrastructure seriously and respond accordingly,” the department said in an emailed statement.
Representatives of the National Security Council, the Director of National Intelligence and the Nuclear Regulatory Commission declined to comment.
While Bloomberg News was waiting for responses from the government, however, The New York Times reported that hacks were targeting nuclear power stations.
Operational controls at Wolf Creek in Kansas were not breached, according to government officials. “There was absolutely no operational impact to Wolf Creek,” Jenny Hageman, a spokeswoman for the nuclear plant, said in a statement to Bloomberg News.
U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attack, striking almost simultaneously at multiple locations, is testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.
Homeland Security and the FBI sent out a general warning about the cyberattack to utilities and related parties on June 28, though it contained few details and did not give the number of plants affected.
The government said it was most concerned about the “persistence” of the attacks on choke points of the U.S. power supply. That language suggests hackers are trying to establish back doors on the plants’ systems for later use, according to a former senior DHS official who asked not to be identified.
Those back doors can be used to insert software specifically designed to penetrate a facility’s operational controls and disrupt critical systems, according to Galina Antova, co-founder of Claroty, a New York firm that specializes in securing industrial control systems.
The alert sent out last week inadvertently identified Wolf Creek as one of the victims of the attack. An analysis of one of the tools used by the hackers included the stolen credentials of a plant employee, a senior engineer.
A U.S. official acknowledged that the error was not caught until after the alert was distributed.
E&E News first reported on digital attacks targeting U.S. nuclear plants, saying the effort was code-named Nuclear 17. A senior U.S. official told Bloomberg that there was a bigger breach of conventional plants, which could affect multiple regions. NPPD, LES and OPPD confirmed that none of their conventional electric generators were involved.
Industry experts and U.S. officials say the attack is being taken seriously, in part because of recent events in Ukraine. Antova said that the Ukrainian power grid has been disrupted at least twice, first in 2015 and then in a more automated attack last year, suggesting the hackers are testing methods.
— This report contains material from Bloomberg News.