In a "Point of View" piece for Fast Company, writer Sarah Kendzior details how United States institutions and critical infrastructure are extremely vulnerable to Russian hackers and how the Trump administration appears to be ignoring potential catastrophe:
...in recent years, Ukraine’s power grid has been repeatedly hacked in what cybersecurity experts believe was part a test run for the United States. Russian hackers have also hacked many centers of U.S. power, including the State Department, the White House, and everyone with a Yahoo email address in 2014, the Department of Defense in 2015, and, of course, the Democratic National Committee, Republican National Committee, state and local voter databases, and personal email accounts of various US officials in 2016.
But while the role of hacks in the election is the subject of several ongoing probes, the hacks of other U.S. institutions and infrastructures have been largely ignored by the Trump administration, even as the hacking became more aggressive throughout 2017. In June,...the Department of Homeland Security and the FBI released an urgent joint report stating that U.S. nuclear power stations and other energy facilities had been hacked. In July, Bloomberg and the Washington Post confirmed that the hackers worked for the Russian government.
(...)
In September, security firm Symantec said it had notified more than 100 energy companies in the U.S., Turkey, Switzerland, Afghanistan, and elsewhere about Dragonfly 2.0—a set of intrusions into industrial and energy-related companies suspected to originate in Russia. Using targeted phishing emails and compromised websites designed to capture users’ credentials, the hackers gained access in some cases not just to front-office networks but to “operational machines.” As a Symantec security analyst told Fast Company, “We’re talking about machines that are controlling elements that are plugged into the power grid.” A month later, the Dept. of Homeland Security and FBI warned critical infrastructure providers in nuclear, energy, and other key sectors about the ongoing attacks, noting that “threat actors are actively pursuing their ultimate objectives over a long-term campaign.”
Despite the increasingly clarity and severity of Russia’s intentions, Trump said in July after a meeting at the G20 that he believes Vladimir Putin “that when he tells me [Russia didn’t carry out cyberattacks ahead of the U.S. election], he means it.”
(...)
While the Trump administration stalls, America’s power grid remains vulnerable. In the last month alone, there have been several dramatic mass outages, including a blackout at the Atlanta airport due to a fire that crippled both the main system and the backup, and a blackout at Disneyland, due to a problem with a transformer, that left people trapped on rides. That these outages were a result of flawed infrastructure and not purposeful hacks should not reassure anyone, as they showcase weaknesses and highlight how easy it would be for a hostile state actor to cause chaos and panic without ever crossing the border.
Read the full story: The Other Scary Foreign Hacking Threat Trump Is Ignoring (Fast Company)