As is typical of any sort of security in America, no one ever acts or takes a threat seriously, until after something bad has happened.
The Department of Homeland Security is said to have been warning utility companies behind closed doors since 2014 that they should take cybersecurity issues seriously and to look out for foreign adversaries attempting to penetrate their computer systems. Of course, anyone paying attention to such things knows that this has been a concern since America became so dependant on computers to run everything…
This past Monday was the first time the Department of Homeland Security spoke about this in public and they plan to do so a few more times this year in an effort to promote more cooperation and awareness between the power companies and those they deal with that may have access to their networks.
According to the Department of Homeland Security, the Russians managed to hack our electric companies control rooms, and according to DHS some of the power companies may still not even know they have been hacked. The well-known cybersecurity company Symantec also discovered evidence that hackers infiltrated utility companies in the United States and North America in early 2017 and in March the United States Officially accused Russia of being behind the attacks.
DHS says that the Russians used a number of different well-known techniques to hack into the computer systems like watering-hole attacks and spear phishing with emails.
Watering-hole attacks are where the hacker infects a website that a person is known to frequent with malware and spear phishing is when they send emails to a targeted audience with something that looks like it comes from a trusted familiar source.
Of course, Russia denies all of this as anyone would expect and for some reason they did not take advantage of the access they gained to do anything malicious—that we know of—next time we might not be so lucky.