Skip to main content
close search
site logo
Dive Brief

US sounds alarm over increased cyber threat to energy, other sectors

Published Oct. 24, 2017
Robert Walton's headshot
Senior Reporter
Getty Images

Dive Brief:

  • The U.S. Department of Homeland Security and the Federal Bureau of Investigation last week issued a joint warning that described an "advanced persistent threat" targeting government entities and organizations in a wide range of sectors, including energy, nuclear, aviation and critical manufacturing.
  • In September, security firm Symantec warned that a group of hackers known as Dragofly 2.0 had targeted the power sector in Europe and the United States, potentially gaining operational access. 
  • DOE and FBI said their technical alert aimed to provide "additional information about this ongoing campaign," and to educate network defenders to identify and reduce exposure to hacking attempts.

Dive Insight:

For at least five months now, federal officials have been monitoring attempts to hack critical systems in the United States and elsewhere — some of which have been at least partially successful, DOE and FBI said.

"Threat actors have targeted government entities and the energy, water, aviation, nuclear and critical manufacturing sectors, and, in some cases, have leveraged their capabilities to compromise victims’ networks," the alert said. " Historically, cyber threat actors have targeted the energy sector with various results, ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict."

The agencies warned that hackers are using a variety of techniques and tactics, including: open-source reconnaissance; spear-phishing emails (from compromised legitimate accounts); watering-hole domains; host-based exploitation; industrial control system infrastructure targeting and ongoing credential gathering.

Despite the good intentions of federal officials, some experts say the warning is insufficient.

Satya Gupta, founder and CTO of Virsec Systems, said in a statement that while the DHS warnings "are warranted, their specific security recommendations are inadequate. The security mindset of watching for anomalies at the perimeter often becomes the equivalent of closing the barn door after the horses have bolted."

Perimeters are inevitably porous, Gupta said. "Our security focus needs to shift from the network perimeter to the applications themselves," he added. "By closely monitoring application flows, processes and memory, you can spot unusual behavior at the source and take action faster and more surgically, before damage occurs or spreads."

Earlier this month, cybersecurity firm FireEye confirmed that it detected and stopped spear phishing emails sent to United States power companies by "known cyber actors likely affiliated with the North Korean government" in September.

President Donald Trump has named cybersecurity a priority, issuing an executive order outlining a series of actions for federal agencies to strengthen protections for national cybersecurity, federal IT networks and critical infrastructure, including the power grid. GridEx IV, a biennial exercise designed to simulate a cyber and physical attack on electric and other critical infrastructures across North America, will launch next month.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Utility Broadband Alliance 2024 Summit & Plugfest Shatters Attendance Milestone
From Utility Broadband Alliance
November 21, 2024
Survey: Utilities Boost Renewables, Reliability Other Goals with Connected Field Assets
From Sitetracker
November 25, 2024
ABB launches next-generation medium voltage drive, designed to enhance industrial performance …
From ABB
November 19, 2024
Oncor System Resiliency Plan Approved by PUCT
From Oncor
November 14, 2024
Editors' picks
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.