The modular design of malware used in last year's Ukraine cyberattack could be adapted to attack U.S. infrastructure.

A group of 19 senators Thursday urged President Trump to direct the Department of Energy to investigate Russian meddling with U.S. energy infrastructure.

In a letter sent to the White House on June 22, the group followed up on a March 14 letter that attempted to draw the president's attention to the possibilities of cyberattacks on the nation's grid. The first missive received no response from the White House.

The June 22 letter comes in the wake of fresh evidence of Russia's cyber capabilities. The senators point to news reports alleging that Russia developed a new cyber tool, dubbed either “Industroyer” or “Crash Override,” which they claim is "the first ever malware framework to specifically attack electric grids."

Arguing that the malware was used last year to knock out power to Ukrenergo, an electric transmission station north of the city of Kiev in the Ukraine, the letter pointed to a conclusion reached by the Department of Homeland Security that the threat could be customized to cripple critical information networks and systems in the U.S.

Recently released studies from security firms ESET and Dragos confirmed that the modular design of the malware used in the Ukraine cyberattack could be adapted to apply it to U.S. infrastructure. In fact, a hacker group known as Sandworm – believed to be Russian – is already credited with planting malware on a number of energy networks within the U.S.

The hour-long blackout in Kiev was seen as a test run by many experts, clear evidence that malicious code could be used to disrupt operations of physical systems. It must be noted that the first demonstration of this capability was an operation dubbed Stuxnet, a joint cyberattack in 2009 by the U.S. and Israel that infected the network of an Iranian nuclear plant with a trojan that caused centrifuges at the facility to tear themselves apart.

Russians and other foreign actors have the means and, potentially, the intent to strike, causing significant harm to the U.S. economy should critical infrastructure – including the electrical grid – be attacked, the senators explained, citing statements from Admiral Rogers, the Director of the National Security Agency and the Commander of the U.S. Cyber Command, who recently told Congress that Russia holds the cyber capability to cripple U.S. infrastructure.

While the president did issue an executive order calling for fresh assessments of the U.S. critical infrastructure, the senators expressed dismay that the president indicated his administration intended to slash funds slated for protecting the national grid – particularly a 40% reduction to the Department of Energy's Office of Electricity Delivery and Energy Reliability – rather than budget for increased protection from Russian cyberattacks.

"How can our government protect our national security assets if the administration does not allocate the necessary resources?" the senators asked.

They conclude the letter with an appeal that within 60 days the administration direct the Department of Energy, along with relevant partners, to conduct a thorough analysis of Russia's capabilities in deploying cyber warfare to threaten the U.S. power grid, as well as determine the extent to which Russian operatives have already attempted cyber intrusions into "electrical grid, pipelines and other important energy facilities."