Federal agencies warn Russian cyber operations pose continued threat to U.S. energy infrastructure

In a joint advisory published this week, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the United States Department of Energy (DOE) assessed that state-sponsored Russian cyber operations remain a major threat to the U.S. energy sector.

Their report laid out details of multiple intrusion campaigns that hit both U.S. and international energy sector organizations between 2011 and 2018 and contended that attacks from indicted Russian state-sponsored hackers have not ceased. Information on the attacks was provided in conjunction with the U.S. Department of Justice unsealing indictments on four Russian government employees for campaigns targeting software and hardware for operational technology systems.

“The Department of Justice’s actions today demonstrate the U.S. government’s commitment to hold malicious cyber actors accountable for their actions,” Puesh Kumar, DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) director, said. “DOE takes threats to the U.S. energy sector seriously and urges industry partners to remain vigilant in light of Russia’s invasion of Ukraine. DOE values the partnership with owners and operators, States, CISA, and the FBI to jointly tackle threats to critical infrastructure in the United States.” 

In their advisory, the federal agencies pointed to three actions private industries and their networks could take to mitigate the perceived cyber threats:

• Implement strong network segmentation between IT and industrial control systems (ICS) networks
• Demand multifactor authentication for system access
• Manage the creation, modification, use of, and permissions for privileged accounts

The industry has, to an extent, already taken action. 

According to the Edison Electric Institute (EEI), which represents all U.S. investor-owned electric companies, member companies invested more than $25 billion last year alone for advancements in adaptation, hardening, and resiliency initiatives to strengthen U.S. transmission and distribution infrastructure. Further, the industry actively works with the Electricity Subsector Coordinating Council (ESCC), which serves as its principal liaison with the federal government and helps coordinate preparation and response to disasters or threats to critical infrastructure. 

The organization also noted that electric companies regularly plan and conduct exercises in various emergency situations, like cyberattacks, which could affect their ability to provide electricity. 

Yet the fact that the federal agencies’ advisory showcased technical details of a global energy sector intrusion campaign that used Havex malware, as well as the compromise of a Middle East-based energy sector organization with TRITON malware, showed that threats would take many forms and require constant vigilance.

“The FBI is committed to combatting the malicious cyber threat Russia continues to pose to our critical infrastructure industry,” Bryan Vorndran, assistant director of the FBI Cyber Division, said. “We strive to share information with our private sector partners as well as the public to enable them to increase their defense capabilities. The FBI is dedicated to investigating this targeted criminal activity and, along with our federal partners utilizing all of the tools in our toolbelt to hold these actors accountable.” 

CISA also urged targets of cyberattacks to report them quickly, stating that the sooner such knowledge is made available, the quicker action can be taken to halt further attacks.