Malware that has been linked to Russian hackers was discovered in a Vermont power-utility laptop, raising fears about the vulnerability of the U.S. power grid. The code was connected to the hacking operation that has been dubbed Grizzly Steppe, which is the same one that is suspected of having carried out operations to try to influence the presidential election. The laptop was not connected to the power grid, the Burlington Electric Department said in a statement. “We took immediate action to isolate the laptop and alerted federal officials of this finding,” the company added.
The discovery came a day after the Department of Homeland Security sent out a public alert about the malware code. “We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems,” the company said.
The Washington Post was first to report the story, although it initially claimed the Russian hackers had penetrated the U.S. electrical grid, before toning down the story once the Vermont utility said the laptop was not connected.
Compare the initial and current versions of the headline. pic.twitter.com/ejbE3A7eZ7— Eric Geller (@ericgeller) December 31, 2016
Officials expressed confidence there was no damage to the electrical infrastructure. “The grid is not in danger,” Vermont Public Service Commissioner Christopher Recchia told the Burlington Free Press. "The utility flagged it, saw it, notified appropriate parties and isolated that one laptop with that malware on it." Still, that doesn’t mean they aren’t concerned, and Gov. Peter Shumlin called for a “a full and complete investigation of this incident.” Sen. Patrick Leahy of Vermont noted that the discovery is “beyond hackers having electronic joy rides—this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.”
It’s far from clear when the malware entered the computer and what the intent of the hackers might have been. They could have wanted to disrupt operations, sure, but also may have simply wanted to know whether a breach was possible. An unnamed source tells Reuters the whole thing could be the result of a much less nefarious episode, “such as visiting a questionable website,” meaning it’s possible Russian hackers weren’t directly involved at all.
Officials had already been concerned about the safety of the country’s power grid, particualrly considering it has come under attack in the past. The Wall Street Journal reports:
American officials believe a cyber-campaign against the U.S. energy industry in 2014 resulted in at least 17 companies’ systems being penetrated, including four electric utilities. Their identities aren’t publicly known. The U.S. power grid is a gigantic system of interconnected electric networks, which means successfully taking down one or more utilities could destabilize larger areas of the grid.
The U.S. Department of Homeland Security has said the attackers in the 2014 blitz were able to steal data and gain private network access, which could allow them to remotely adjust equipment settings.
And Russian hackers have been known to take an interest in utilities. Hackers broke into a utility in Western Ukraine in 2014 and shut down substations in the region, leaving tens of thousands without power, notes Bloomberg. Earlier this month, Ukraine said it was investigating a suspected cyberattack on Kiev’s power grid.