Friday, January 11, 2019
"Russian Hack Exposes Weakness in U.S. Power Grid" (WSJ "booklet")
On Friday, January 11, 2019, the Wall Street Journal offered a booklet-length article by Rebecca Smith and Rob Barry, “Russian Hack Exposes Weakness in U.S. Power Grid” with the subtitle, “Worst known system breach involved attacks on small contractors”, link.
The story starts with a description of a hack of a construction company in Oregon in March 2017, that would not be detected for several months by DHS, which found that Russia had placed malware that intercepted every internal email. Maybe 30 or more states have small contractors, targeted by Russians, serving utilities.
Actually, early probes go back to the summer of 2016, before the election, when Sinclair Broadcasting had run a few stories which didn’t get much public attention.
The article discusses the concept of a Scada server, pr a utility’s supervisory control and data acquisition system, which could effectively perform a software “airgap jump”.