Communication & InfrastructureStandards, Regulations & LegislationTrends & Industry IssuesSDM NewswireInsider News & Business

FBI, DHS Detail Hacks Targeting Nuclear Facilities

By Tim A. Scally

The FBI and the Department of Homeland Security issued a joint report detailing malware attacks targeting employees of companies that operate nuclear power plants in the U.S., including the Wolf Creek Nuclear Operating Corporation in Burlington, Kan., according to the cybersecurity firm Tripwire.

The agencies communicated this report via an “amber” alert to the industry, which, Tripwire reported, is the second-highest level of severity for these types of reports from the FBI and DHS.

According to a New York Times article, hackers have been penetrating the computer networks of these companies along with other energy facilities and manufacturing plants in the U.S. and other countries since May.

The reports do not make clear how many facilities were breached, what the intentions of the hacks were (espionage, terror, stealing industrial secrets, etc.) or whether the hackers were able to get from their victims’ computers to the facilities’ control systems.

The report described an “advanced consistent threat” actor that was responsible, although it did not indicate the origins of the hackers. The language used, according to the Times article, is the language security specialists often use to describe government-backed hackers, however.

Paul Edon, director of international customer services Tripwire, explained, “With most industrial control systems now connected to the Internet, they have become vulnerable to targeted cyberattacks and cyber-espionage campaigns. However, because the systems were not designed with security in mind, they are largely unequipped to deal with these attacks.”

Edon urged action on the parts of business: “For any business that has an industrial control system footprint, whether in manufacturing, transportation or energy, now is the time to evaluate how the environment is being secured. Failure to do so could result in a devastating attack, which could cause serious damage or even endanger public safety.

Looking for quick answers on security topics? Try Ask SDM, our new smart AI search tool. Ask SDM →

“The first step is to review one of the available ICS Cyber Security Frameworks — i.e., ‘NIST Guide to Industrial Control Systems (ICS) Security’ or ‘CPNI - Security for Industrial Control Systems Framework.’ This will assist organizations in better understanding the challenges, requirements and responsibilities with regard to governance, business risk, managing ICS life cycle, education and skills, security improvements, vulnerability management, third party risk, and response capability.”

Visit www.tripwire.com for information.

KEYWORDS: cyber security security industry

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Former Associate Editor Tim Scally wrote and edited news-focused articles and columns, including Insider and Newswire. Along with attending shows and delivering breaking news, Tim wrote blog posts, feature articles and company profiles; he also deployed the SDM e-newsletter and posts to social media. Before joining SDM from a previous editorial position at BNP Media, Tim spent more than 10 years as a middle- and high-school English teacher. He holds a Bachelor of Science degree in English Education from Maranatha Baptist University.