The consequences of a large-scale cyberattack on critical infrastructure was well-documented in May when the UK’s healthcare system was brought to its knees by ransomware. Now, despite President Trump promising to develop a “comprehensive plan to protect America’s vital infrastructure from cyberattacks”, White House senators are pushing the president to take meaningful action following evidence that something similar could be on the cards for the US.
Newly-revealed forensic reports show that a recent power outage in Ukraine’s Kiev was caused by a piece of malware known as CrashOverride. This has been linked to the thought-to-be-Russian hacker group Sandworm, which was responsible for planting malware on US energy networks in 2014.
The malware caused a power outage equivalent to one fifth of the city’s power capacity –- not a completely debilitating figure, but researchers believe the hack was a ‘test run’ for wider application elsewhere, and noted that this piece of malware is the most evolved example of its kind observed in the wild.
As such, a group of 19 senators wrote to President Trump on Thursday, calling on the White House to instruct the Department of Energy to conduct an analysis of the Russian government’s capabilities to disrupt America’s power grid, as well as an investigation into the ways they may already have.
The letter, signed by Senators Bernie Sanders, Ron Wyden, Maria Cantwell and Al Franken, among others, reads: “We are deeply concerned that your administration has not backed up a verbal commitment prioritizing cybersecurity of energy networks and fighting cyber aggression with any meaningful action.”
The group wants answers within 60 days –- perhaps an ambitious target given Trump’s so-far seemingly relaxed approach to the issue. A similar request was made last March which the White House ignored, and while the Trump administration has issued an executive order for the assessment of security of critical infrastructure “in the coming months”, Senators argue that Trump’s budget proposal means funding cuts for the Department of Energy’s Office of Electricity Delivery and Energy Reliability.
According to Wired, the researchers behind the latest reports also have concerns about the White House’s approach to the country’s cyber security. “The potential impact here is huge,” said ESET security researcher Robert Lipovsky. “If this is not a wakeup call, I don’t know what could be.”
Source: US Senate (PDF)