WASHINGTON – Russian hackers attempted to penetrate the U.S. civilian aviation industry early in 2017 as part of a broad assault on America’s sensitive infrastructure.
The attack had limited impact and the industry has taken steps to prevent a repeat of the intrusion, Jeff Troy, executive director of the Aviation Information Sharing and Analysis Center (A-ISAC), said Friday. Troy wouldn’t elaborate on the nature of the breach and declined to identify specific companies or the work that was involved.
“It hit a part of our very broad membership,” Troy said. The intrusion wasn’t something that would directly harm airplanes or airlines, he said. “But I did see that this impacted some companies that are in the aviation sector.”
Troy’s comments confirmed the effects on aviation of a Russian attack that was described more broadly on Thursday by U.S. government officials. The assault was aimed at the electric grid, water processing plants and other targets, the officials said, in the first formal confirmation that Russia had gained access to some U.S. computer systems. The Department of Homeland Security and Federal Bureau of Investigation identified aviation as one of the targets but didn’t provide specifics.
The trade group Airlines for America declined to comment on the report.
Troy’s group represents aircraft manufacturers, equipment suppliers, satellite builders, airports and airlines, among other elements of the broad industry. Similar groups monitoring cyberattacks across more than a dozen sectors of the economy were formed by a presidential directive in 1998 and were bolstered after the Sept. 11, 2001, attacks.
Troy said the aviation assault was detected in the early stages, when hackers typically perform surveillance, test a network’s defenses and devise software weapons to use.
In the energy industry attack, the hackers used smaller companies’ networks to insert malware that allowed them to then gain access to power plants’ computers, according to the government alert Thursday.
A disruption of the airline and private-aircraft systems could have enormous economic and psychological effects. In recent years, several airlines have had to halt operations and suffered millions of dollars of lost revenue when their computer reservation systems crashed. Terrorists have long targeted aviation because of its outsize impact on society.
The focus on the aviation sector highlights the risks to large infrastructure systems from cyberintrusions, said Lance Hoffman, distinguished research professor at George Washington University’s Department of Computer Science. Airlines, along with systems like the air-traffic control network, operate with increasingly connected computers that are inherently vulnerable to hacking, Hoffman said.
“How do you build a system and test it and get it right?” he said. “That is a hard question.”
Federal regulators and the industry said Friday that the Russian hacking operation aimed at the U.S. power grid did not compromise operations at any power plants.
Corporate networks at some of the 99 nuclear power plants licensed by the Nuclear Regulatory Commission were affected by the 2017 hack but no safety, security or emergency preparedness functions were affected, the NRC said.
The Federal Energy Regulatory Commission also said the incident had no operational impacts on interstate transmission of electricity.
Even so, government and industry leaders said the attacks underscored the increased threat of electronic and computer-based attacks on a range of infrastructure.
Energy Secretary Rick Perry said the prolonged cyberattack “demonstrates exactly why” he is creating an Office of Cyber Security and Emergency Response. The new office will consolidate and strengthen efforts to “combat the growing nefarious cyberthreats we face,” Perry said, adding that his department has worked closely with other federal agencies and energy providers to help ensure that hacking attempts “failed or were stopped.”
The Trump administration accused Moscow on Thursday of an elaborate plot to penetrate America’s electric grid, factories, water supply and air travel through hacking.
U.S. national security officials said the FBI, Department of Homeland Security and intelligence agencies determined that Russian intelligence and others were behind a broad range of cyberattacks starting more than a year ago.
U.S. officials said the hackers chose their targets methodically, obtained access to computer systems, conducted “network reconnaissance” and then attempted to cover their tracks by deleting evidence of the intrusions. The operation resorted to various methods — including a kind of cyberattack known as spear-phishing — to try to compromise legitimate user accounts, gather user credentials and target industrial control systems and their networks, officials said.
The U.S. government has helped the industries expel the Russians from all systems known to have been penetrated but additional breaches could be discovered, officials said.
The Nuclear Energy Institute, an industry lobbying group, said the Russian hacking campaign “demonstrated that America’s nuclear plants can withstand a nation-state sponsored attack.”
U.S. nuclear plants are designed as operational “islands” that are not connected to the internet and other networks. Nuclear power provides about 20 percent of the nation’s electricity.
The Edison Electric Institute, which represents investor-owned electric companies that provide electricity for about 220 million Americans, said the government informed energy grid operators last year of a threat targeting them.
“While this incident did not have operational impacts, we have worked across the sector and with government partners to ensure the ongoing protection of the grid from this specific threat and from all cyber and physical security risks,” said Scott Aaronson, the group’s vice president of security and preparedness.
Sen. Maria Cantwell of Washington state, the top Democrat on the Senate Energy Committee, criticized the “belated response” by the Trump administration to Russian cyberthreats and urged “a robust and aggressive strategy to protect our critical infrastructure.”
Calling cybersecurity “an issue that keeps me up at night,” Cantwell said the grid and its infrastructure are “under attack from the Russians and other foreign actors. If we don’t make the necessary investments … our enemies could succeed in causing a blackout that harms our economy.”
The accusations that Russia was behind the cyberattacks on U.S. infrastructure came as the Trump administration targeted Russians with sanctions for alleged election meddling for the first time since President Donald Trump took office.
The list of Russians being punished includes all 13 indicted last month by special counsel Robert Mueller, a tacit acknowledgement by the administration that at least some of Mueller’s Russia-related probe has merit.
Trump has repeatedly sought to discredit Mueller’s investigation into Russian interference in the presidential election, but the sanctions appeared to rely on the special counsel’s legal conclusions in deciding who should be named. The sanctions freeze any assets the individuals may have in U.S. jurisdictions and bar Americans from doing business with them.