Most of us are aware that our personally identifiable information, like our credit card numbers, are at risk when retailers are hacked. However, there may be even greater risks. Indeed, the U.S. government has issued a recent warning about a hacking campaign targeting nuclear and energy sectors.
According to a Reuters article, in recent months hackers have utilized phishing emails in an effort to “harvest credentials” in order to gain access to networks at nuclear and energy targets. Reuters cites a joint report from the U.S. Department of Homeland Security and Federal Bureau of Investigation as its source. The report indicates that at least in some instances hackers already have succeeded in gaining entry to certain networks, but the report did not identify specific targets that were compromised.
Why do hackers have designs on the nuclear and energy sectors? The report states that “cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” as cited by Reuters.
On top of this, Reuters reports that E&E News, an energy industry news site, has revealed that U.S. investigators are investigating apparent cyber intrusions at multiple nuclear power generators. While no safety systems reportedly were compromised, this is not a positive development.
It is not comforting to think that our energy and nuclear industries could be vulnerable to cyber attacks. We have seen what can happen; in late 2016, hackers were able to cut electricity in Ukraine. According to Reuters, two cybersecurity firms stated that they had identified malicious software implemented in the Ukraine attack, and which also stated that it would not be difficult to modify such software to come after utilities elsewhere, like in the United States.
Plainly, in this new internet era, warfare and attacks can take place in cyberspace as well as traditionally on land, on the sea and in the air. Absolute best efforts must be made to protect our nuclear and energy sectors. We need to avoid being put in the dark by energy disruption, we must protect the integrity of mission critical systems, and we must be certain that there is no risk of danger caused by interference with nuclear and other energy systems.
Eric Sinrod (@EricSinrod on Twitter) is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod’s columns, please email him at firstname.lastname@example.org with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.