Senators Push Trump for Answers on Power Grid Malware Attack

In one of his first public statements on his priorities as president, Donald Trump promised to develop a “comprehensive plan to protect America’s vital infrastructure from cyberattacks.” That has not yet materialized. And as new evidence has emerged that a piece of sophisticated malware caused a blackout in the Ukrainian capital last December, one group of senators wants answers now about the threat of Russian grid-hacking.

In a letter to the president Thursday, 19 senators have called on the White House to direct the Department of Energy to conduct a new analysis of the Russian government’s capabilities to disrupt America’s power grid. They also want an exploration of any attempts the Kremlin may have already made to compromise America’s electric utilities, pipelines, or other energy infrastructure, all within 60 days. While they made a similar request in March–to which the White House never responded–forensic reports that surfaced last week about a piece of malware known as CrashOverride, which briefly took out about a fifth of the total energy capacity of Kiev, have given their query renewed urgency.

“We are deeply concerned that your administration has not backed up a verbal commitment prioritizing cybersecurity of energy networks and fighting cyber aggression with any meaningful action,” reads the letter, which was signed by senators Ron Wyden, Al Franken, Maria Cantwell, Bernie Sanders, Martin Heinrich and others.

The Trump administration has, to its credit, issued an executive order that called for new assessments of the cybersecurity of US critical infrastructure over the next few months. But Trump’s budget proposal, the senators point out, would cut funding to the Department of Energy’s Office of Electricity Delivery and Energy Reliability.

The recently revealed malware behind the Ukrainian blackout spurred action in particular because hackers could conceivably adapt it to Western European or American power utility targets as well. In analyses of the so-called CrashOverride attack released last week by the security firms ESET and Dragos, the two companies noted the malware’s modular design, a feature that makes it a potential threat well beyond Ukraine. Dragos tied the malware’s creation to a hacker group known as Sandworm–widely believed to be Russian–that also planted malware on the networks of multiple US energy firms in 2014.

Since 2014, punishing cyberattacks have hit Ukrainian media, transportation, and government agencies. The campaign has destroyed hundreds of computers, deleted data, and paralyzed organizations’ basic functions. The December 2015 and December 2016 attacks represent the most ambitious of those efforts, though, and the most ominous.

In our investigation of Ukraine’s ongoing cyberwar, Dragos founder Rob Lee told WIRED in March that those attacks represented a looming threat to the United States. “An adversary that had already targeted American energy utilities [has] crossed the line and taken down a power grid,” Lee says. “The people who understand the US power grid know that it can happen here.”

And as American legislators catch on to the reality of that threat, they want assurances that the White House will follow through on its early promise of protection.