'Hacking' Of US Nuclear Facilities Appears To Be Little More Than The Sort Of Spying The US Approves Of
from the spies-like-us dept
Earlier this week, the New York Times raised the alarm -- and vivid Stuxnet imagery -- about hackers targeting US nuclear facilities. The DHS raised its own alarm -- one with a specific color -- about the same hacking attempts.
Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan., according to security consultants and an urgent joint report issued by the Department of Homeland Security and the Federal Bureau of Investigation last week.
The joint report was obtained by The New York Times and confirmed by security specialists who have been responding to the attacks. It carried an urgent amber warning, the second-highest rating for the sensitivity of the threat.
Later in the article, the New York Times brings up Stuxnet, despite undermining such speculative comparisons in earlier paragraphs. According to the documents the Times saw, hackers don't appear to be attempting to control the facilities.
The report did not indicate whether the cyberattacks were an attempt at espionage — such as stealing industrial secrets — or part of a plan to cause destruction. There is no indication that hackers were able to jump from their victims’ computers into the control systems of the facilities, nor is it clear how many facilities were breached.
Wolf Creek officials said nothing sensitive had been breached and the evidence trail suggests something not nearly as concerted as an "attack." Instead, it appears the breaches have been the result of watering holes and spearfishing, not a concentrated assault on nuclear plant control systems. It's not that there's nothing to be worried about, but that there's nothing to be worried about on an "amber" level, to use the DHS's own color-coded Map of Worries.
The DHS's amber alert is mostly baseless… according to the DHS itself.
In a joint statement with the F.B.I., a spokesman for the Department of Homeland Security said, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”
One paragraph after that, an official at the agency all 99 US nuclear facilities report to said no facility had reported any breaches of operational systems.
So, there's apparently some "targeting," but nothing aimed at operational systems and certainly no Stuxnet-equivalent roaming around plants in search of a nuclear catastrophe. Instead, these "attacks" appear to be something the US considers to be perfectly acceptable hacking… at least when we do it. Here's Marcy Wheeler on what the hacking revelations actually reveal:
There is spying — the collection of information on accepted targets. And there is sabotage — the disruption of critical processes for malicious ends.
This is spying, what our own cyber doctrine calls “Cyber Collection.”
Cyber Collection: Operations and related programs or activities conducted by or on behalf of the United States Government, in or through cyberspace, for the primary purpose of collecting intelligence – including information that can be used for future operations – from computers, information or communications systems, or networks with the intent to remain undetected. Cyber collection entails accessing a computer, information system, or network without authorization from the owner or operator of that computer, information system, or network or from a party to a communication or by exceeding authorized access. Cyber collection includes those activities essential and inherent to enabling cyber collection, such as inhibiting detection or attribution, even if they create cyber effects. ( C/NF)
This isn't to say the US shouldn't be engaged in these activities. This isn't to say the US should be completely OK with other countries doing the same thing. What does need to be said is the US government needs to be completely clear about what it has observed, rather than raise alerts about cyber attacks that portray intelligence gathering by foreign operatives as attacks on crucial (and potentially dangerous) systems.
That doesn’t mean Russian spying on how our nuclear facilities work is not without risk. It does carry risks that they are collecting the information so they can one day sabotage our facilities.
But if we want to continue spying on North Korea’s or Iran’s nuclear program, we would do well to remember that we consider spying on nuclear facilities — even by targeting the engineers that run them — squarely within the bounds of acceptable international spying. By all means we should try to thwart this presumed Russian spying. But we should not suggest — as the NYT seems to be doing — that this amounts to sabotage, to the kinds of things we did with StuxNet, because doing so is likely to lead to very dangerous escalation.
This is where the DHS fell down in its "sharing" of internal documents with the New York Times. No one bothered to correct the Times when it went off on a Stuxnet tangent. This could give some government officials the wrong idea about what's happening -- both here and in foreign nations. There are many people in power who get much of their information from the press. This leads to bad bills being hurriedly crafted and public calls to action based on hearsay from a document someone else viewed. And that's just here in the US.
On top of that, there's how we behave and how we expect others to behave. We're going to do this sort of thing. So are our adversaries. Both sides will continue to play defense. But going from 0-to-Stuxnet in the DHS's Ambermobile isn't a great idea. And it allows US officials to further distance themselves from actions we condone as part of our national security efforts.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dhs, espionage, hacking, nuclear facilities
Reader Comments
Subscribe: RSS
View by: Time | Thread
So what if we started the cyber games, they are doing it back and we can't have that!!!
We handed out all of our best hacks to the world, and PEOPLE ARE USING THEM AGAINST US! Don't these hacks love their parents!?
Perhaps before poking the giant hornets nest world wide, we should have made sure our windows were closed to keep them from flying in and stinging us.
Top men & our best minds....
Worried yet?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Most people have this wrong misconception that the supposed moral of the story is: Never tell a lie.
But the US Government and Cardassian spies know better. The moral of the story actually is: Never tell the same lie twice.
[ link to this | view in chronology ]
Maybe I am just picky because IT is my living, but to me it sounds like a text about animal welfare where they kept referring to all the "doggies" and "horsies".
[ link to this | view in chronology ]
American Exceptionalism
Because the US is so special. But then again, most countries think that they're "special".
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Techdirt doesn't "have" it. That's a function of your browser.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Did you know Wendell Pierce, the actor who played Agent Richard Gill also played 5 separate characters in the Law & Order franchise? Fascinating stuff. What was this article about again?
[ link to this | view in chronology ]
Re:
Update: I have now moved on to YouTube watching old New England Telephone commercials just to get the jingle out of my head.
We're the one for you, New England. New England Telephone.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Par for the course hypocrisy
The US interferes in the politics of other countries more than any other Govt on the planet. Not only do we interfere with elections we actually have a long history of helping to overthrow democratically elected leaders if we do not like their policies.
If we are going to do it to other countries do not be surprised when they do it us.
[ link to this | view in chronology ]
Re: Par for the course hypocrisy
/s
[ link to this | view in chronology ]
Re: Re: Par for the course hypocrisy
I say people voted Trump because they wanted change. Okay, they've got change. How are they liking all that lovely change?
[ link to this | view in chronology ]
Re: Re: Re: Par for the course hypocrisy
Nobody's investigating that because people know exactly how it happened: Trump won small margins in many states, and Clinton won large margins in a few states, and Trump's many states had more combined electoral votes than Clinton's few states.
It's related to the same way gerrymandering works: pack the people who oppose you into a small number of districts, so that although their candidates in those districts win by huge majorities, their candidates in the majority of districts lose. Electoral-college allocation isn't rigged in quite the same way as the usual gerrymandering process (for one thing, the district boundaries are the state boundaries, which aren't really redraw-able in the same way), but the underlying mechanism still works.
IIRC, if three particular states with relatively tiny margins had gone for Clinton rather than Trump, that would have shifted enough electoral votes to the opposite column we'd have had another President Clinton this year. I don't remember which states that is, however, and it's possible I'm remembering it wrong.
[ link to this | view in chronology ]
Cyber
I cyber, you cyber, he she cybers, cybering, cybernology, the study of cyber... come on this is first grade stuff!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Sanity.
[ link to this | view in chronology ]
Re: Sanity.
[ link to this | view in chronology ]
Au Rule
[ link to this | view in chronology ]