DHS Confirms Russian Hackers Infiltrated Hundreds of U.S. Electric Utilities Control Rooms

July 27, 2018

The Department of Homeland Security (DHS) revealed in a briefing Monday that Russian hackers, working for a state-owned group previously identified as Dragonfly or Energetic Bear, have breached the control rooms of hundreds of U.S. electric utilities.

The hackers gained access to the utilities’ SCADA networks, which were supposedly ‘air gapped’ or securely isolated, by first compromising the networks of thousands of vendors and suppliers that had special access to the utilities’ systems to remotely complete service tasks, such as updating software and running diagnostics. These SCADA networks control the bulk electric power system and, if compromised, could potentially result in power disruptions or blackouts.

The hackers utilized conventional means, such as spear-phishing emails, to collect employee passwords and gain access to vendor networks, the majority of which lacked sufficient cybersecurity protections.

In response to this increased threat of attack, the DHS is sharing more information in unclassified settings than ever before, hoping to raise awareness and spur industry-wide cooperation to strengthen and implement enhanced cybersecurity standards. Relatedly, the North American Electric Reliability Corporation (NERC), the body charged with ensuring the reliability and security of the electrical grid, has recently extended its NERC-CIP-003 standard to reaffirm the need for role-based access control in the field, such as changing default device passwords, enforcing password complexity, and rotating passwords.

The Xage Security Suite is uniquely designed to help organizations across industries not only meet these heightened standards, but secure critical access control and proactively protect themselves against such credential leakage attacks. Xage’s blockchain-protected security fabric, which employs multi-factor authentication and frequently rotates credentials, provides a tamperproof record of access control, ensuring that access logs and stolen credentials cannot be utilized or concealed by malicious actors. Xage’s systemic tamperproofing furthermore includes fingerprinting technology, which detects unauthorized changes and isolates compromised devices to prevent contagion from spreading.

Learn more about Xage’s Security Suite.

White Paper


The current model of enterprise security is incapable of protecting Industry 4.0 with its intermittently connected, heterogeneous devices and applications, distributed across organizations and geographies. Today’s centralized IT security paradigm needs to be replaced by cybersecurity that is distributed, flexible and adaptive.