Three months after a Department of Homeland Security intelligence report downplayed the threat of a cyber attack against the U.S. electrical grid, DHS and the FBI began a nationwide program warning of the dangers faced by U.S. utilities from damaging cyber attacks like the recent hacking against Ukraine’s power grid.
The nationwide campaign by DHS and the FBI began March 31 and includes 12 briefings and online webinars for electrical power infrastructure companies and others involved in security, with sessions in eight U.S. cities, including a session next week in Washington.
The unclassified briefings are titled “Ukraine Cyber Attack: Implications for U.S. Stakeholders,” and are based on work with the Ukrainian government in the aftermath of the Dec. 23 cyber attack against the Ukrainian power infrastructure.
These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack
the announcement by the DHS Industrial Control Systems Cyber Emergency Response Team read.
“The attacks leveraged commonly available tools and tactics against the control systems which could be used against infrastructure in every sector.”
The briefings will outline the details of the attacks, the techniques used by the hackers, and strategies to be used to limit risks and improve cyber security for grid organizations.
Security researchers have concluded the attack was carried out by Russian government hackers based on the type of malicious software, called BlackEnergy, that was detected in the incident.
The threat briefings followed an internal DHS intelligence report published in January that stated the risk of a cyber attack against U.S. electrical infrastructure was low.
“We assess the threat of a damaging or disruptive cyber attack against the U.S energy sector is low,” the report, labeled “for official use only,” says.