As more and more industries rely on computers and internet accessibility, the risk of potential disruptions caused by hackers increases. It’s this risk that the Biden administration aims to make those in the energy sector aware of with a recent bulletin on Wednesday.
The bulletin, released jointly by the Federal Bureau of Investigation, the National Security Agency, the Department of Homeland Security, and the Energy Department, warns that so-called advanced persistent threat actors, a phrase often used to describe state-backed hackers, are capable of breaching industrial networks and then exploiting weaknesses in devices that control these facilities.
The government specifically highlighted devices made by Omron Corp. and Schneider Electric as being exploitable by hackers. These companies are major producers of industrial control equipment, including electric utilities.
In the bulletin, the agencies encouraged firms with industrial control systems to isolate their corporate computer networks and use strong passwords, among other recommendations. Past disruptions and hacks have also come from phishing emails, which trick company employees into giving key information that allows hackers to infiltrate the main systems.
Robert Lee, CEO of cybersecurity firm Dragos Inc., said on Twitter that this new malware is “highly capable” and important for companies to monitor because of its potentially destructive capabilities. Dragos has “high confidence” that a state actor developed the malware “with the intent on deploying it to disrupt key infrastructure sites,” Lee said.
While the bulletin doesn’t name any specific countries responsible for sponsoring the hackers, the government has warned of possible cyber attacks coming from Russia due to the ongoing conflict in Ukraine. A disruption of the energy sector and power grid could result in a serious setback for a variety of industries, including manufacturing.