In this CyberWire podcast from August 16, CyberX VP of Industrial Cybersecurity Phil Neray discusses the recent announcement by the U.S. Department of Homeland Security that it is launching the National Risk Management Center, whose mission is to guard the nation’s banks, energy companies and other industries from major cyberattacks that could cripple critical infrastructure. His comments start at 6:34 in the podcast.
“I think that the launch of the center is important. It is an acknowledgment that cyberthreats to our critical infrastructure are serious and that we need to handle them in a centralized and coordinated way. And we’ve seen, over the last few months, acknowledgements from the administration and from various intelligence agencies that we know the Russians have been in our critical infrastructure, we know they’re targeting not just our energy sector but also other sectors, like pharmaceuticals and oil and gas and chemicals. And we know that we have other adversaries, like Iran and North Korea, that are trying to do the same thing. So I think the idea of centralizing our response and centralizing the way we deal with these threats is a good thing. I think information sharing is a good thing. And coming up with some common ways of defending against these threats is important.
The interesting thing about Fancy Bear is that different industry groups have been tracking them for years. If you look at the group, they have a long history of doing nefarious cyber things across the world. In July 2008, they hacked Georgian ministries in advance of a Russian military invasion. It was probably the first time we saw a coordinated cyber and kinetic attack. In 2011 to 2014, they infected U.S. energy firms with BlackEnergy malware. In 2015, they destroyed equipment belonging to a French broadcaster, TV5. They made it – they tried to make it seem like it was an Islamic terrorist group, but later we found that it was them. They compromised German Bundestag members in 2015. They compromised U.S. defense contractors in 2015 and ’16. They’re more famously known for two destructive grid attacks in the Ukraine, one in December 2015, one in 2016. And with the recent indictments by the DOJ related to interference in our 2016 presidential election, officers that were named in that are all GRU officers – GRU being the Russian military intelligence agency.
In one of your recent podcasts, you said the goal is disruption and chaos. And if you think about it, disruption and chaos that was caused in the Ukraine by shutting down portions of the grid in the middle of winter, it wasn’t a catastrophe from a safety or environmental point of view, but it certainly goes a long way to creating disruption and chaos in the society. We also believe that Fancy Bear or, at least, the GRU was responsible for NotPetya. The economic impact of NotPetya is in the billions of dollars, including critical infrastructure and ICS systems that were down for days or weeks or months at a time, causing the companies to report huge losses. That’s a different type of impact. That’s an economic impact, as opposed to a kinetic impact or an electrical grid impact or an attempt to influence our political process.”