Hackers Target U.S. Power Plants, Including Kansas Nuclear Facility

King & Spalding

According to a June 2017 joint report issued by the Department of Homeland Security (“DHS”) and the Federal Bureau of Investigation (“FBI”), hackers penetrated the computer networks of at least a dozen U.S. power plants beginning in May.  The report carried an amber warning, the second-highest level of urgency for these types of reports.  There is no indication that hackers breached the control systems of any facility, but the report concluded that the apparent goal was to map out computer networks for future attacks.

Among the facilities targeted was the Wolf Creek Nuclear Operating Corporation’s nuclear power plant located near Burlington, Kansas.  Wolf Creek officials declined to comment about the cyberattacks, but stated that their business-side network and internet are separate from the plant’s network, and that no plant operations systems had been affected by the breach.  Nuclear facilities must report cyberattacks related to their “safety, security, and operations;” no such reports were made by Wolf Creek or any other power plant related to these recent attacks. 

The hackers used a variety of methods to gain entry into the networks.  In most cases, the attacks targeted industrial control engineers with direct access to plant systems.  Such systems, if damaged, could cause explosions, fires, or spills of dangerous material.  The hackers electronically sent engineers fake resumes laced with malicious code that allowed the hackers to steal the engineers’ credentials and access other machines in the network.  In addition, the hackers employed so-called “watering hole attacks,” compromising legitimate websites frequented by their targets, as well as “man-in-the-middle attacks,” in which the targets’ internet traffic was redirected through the hackers’ machines.

The origins of the hackers have not been confirmed, but the DHS-FBI report indicated that an “advanced persistent threat actor”—typically, government-backed hackers—was responsible.  Notably, the hackers’ techniques mimicked those of the organization called “Energetic Bear,” a Russian hacking group tied to attacks on the energy sector since as early as 2012.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.