Photo caption: National Security Adviser John Bolton attends a meeting with President Donald Trump and senior military leadership at Al Asad Air Base, Iraq, Wednesday, Dec. 26, 2018.

WASHINGTON -- The United States is stepping up digital incursions into Russia's electric power grid in a warning to President Vladimir Putin and a demonstration of how President Donald Trump's administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.

In interviews over the past three months, the officials described the previously unreported deployment of U.S. computer code inside Russia's grid and other targets as a classified companion to more publicly discussed action directed at Moscow's disinformation and hacking units around the 2018 midterm elections.

Advocates of the more aggressive strategy said it was long overdue, after years of public warnings from the Department of Homeland Security and the FBI that Russia has inserted malware that could sabotage U.S. power plants, oil and gas pipelines, or water supplies in any future conflict with the United States.

But it also carries significant risk of escalating the daily digital Cold War between Washington and Moscow.

The administration declined to describe specific actions it was taking under the new authorities, which were granted separately by the White House and Congress last year to U.S. Cyber Command, the arm of the Pentagon that runs the military's offensive and defensive operations in the online world.

But in a public appearance Tuesday, Trump's national security adviser, John Bolton, said the United States was now taking a broader view of potential digital targets as part of an effort "to say to Russia, or anybody else that's engaged in cyberoperations against us, 'You will pay a price.'"

Power grids have been a low-intensity battleground for years.

Since at least 2012, current and former officials say, the United States has put reconnaissance probes into the control systems of the Russian electric grid.

But now the U.S. strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.

The commander of U.S. Cyber Command, Gen. Paul Nakasone, has been outspoken about the need to "defend forward" deep in an adversary's networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.

"They don't fear us," he told the Senate a year ago during his confirmation hearings.

But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.

Trump issued new authorities to Cyber Command last summer, in a still-classified document known as National Security Presidential Memoranda 13, giving Nakasone far more leeway to conduct offensive online operations without receiving presidential approval.

But the action inside the Russian electric grid appears to have been conducted under little-noticed new legal authorities, slipped into the military authorization bill passed by Congress last summer. The measure approved the routine conduct of "clandestine military activity" in cyberspace, to "deter, safeguard or defend against attacks or malicious cyberactivities against the United States."

Under the law, those actions can now be authorized by the defense secretary without special presidential approval.

"It has gotten far, far more aggressive over the past year," one senior intelligence official said, speaking on the condition of anonymity but declining to discuss any specific classified programs. "We are doing things at a scale that we never contemplated a few years ago."

The critical question -- impossible to know without access to the classified details of the operation -- is how deep into the Russian grid the United States has bored. Only then will it be clear whether it would be possible to plunge Russia into darkness or cripple its military -- a question that may not be answerable until the code is activated.

Both Nakasone and Bolton, through spokesmen, declined to answer questions about the incursions into Russia's grid. Officials at the National Security Council also declined to comment but said they had no national security concerns about the details of The New York Times' reporting about the targeting of the Russian grid.

Speaking Tuesday at a conference sponsored by The Wall Street Journal, Bolton said: "We thought the response in cyberspace against electoral meddling was the highest priority last year, and so that's what we focused on. But we're now opening the aperture, broadening the areas we're prepared to act in."

He added, referring to nations targeted by U.S. digital operations, "We will impose costs on you until you get the point."

Two administration officials said they believed Trump had not been briefed in any detail about the steps to place "implants" -- software code that can be used for surveillance or attack -- inside the Russian grid.

Pentagon and intelligence officials described broad hesitation to go into detail with Trump about operations against Russia for concern over his reaction -- and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister.

Because the new law defines the actions in cyberspace as akin to traditional military activity on the ground, in the air or at sea, no such briefing would be necessary, they added.


Russian intrusion on U.S. infrastructure has been the background noise of superpower competition for more than a decade.

A successful Russian breach of the Pentagon's classified communications networks in 2008 prompted the creation of what has become Cyber Command. Under President Barack Obama, the attacks accelerated.

But Obama was reluctant to respond to such aggression by Russia with counterattacks, partly for fear that the United States' infrastructure was more vulnerable than Moscow's and partly because intelligence officials worried that by responding in kind, the Pentagon would expose some of its best weaponry.

At the end of Obama's first term, government officials began uncovering a Russian hacking group, alternatively known to private security researchers as Energetic Bear or Dragonfly. But the assumption was that the Russians were conducting surveillance, and would stop well short of actual disruption.

That assumption evaporated in 2014, two former officials said, when the same Russian hacking outfit compromised the software updates that reached into hundreds of systems that have access to the power switches.

"It was the first stage in long-term preparation for an attack," said John Hultquist, director of intelligence analysis at FireEye, a security company that has tracked the group.

In December 2015, a Russian intelligence unit shut off power to hundreds of thousands of people in western Ukraine. The attack lasted only a few hours, but it was enough to sound alarms at the White House.

A team of U.S. experts was dispatched to examine the damage, and concluded that one of the same Russian intelligence units that wreaked havoc in Ukraine had made significant inroads into the U.S. energy grid, according to officials and a homeland security advisory that was not published until December 2016.

"That was the crossing of the Rubicon," said David Weinstein, who previously served at Cyber Command and is now chief security officer at Claroty, a security company that specializes in protecting critical infrastructure.

In late 2015, just as the breaches of the Democratic National Committee began, yet another Russian hacking unit began targeting critical U.S. infrastructure, including the electricity grid and nuclear power plants. By 2016, the hackers were scrutinizing the systems that control the power switches at the plants.

After Trump's inauguration, Russian hackers kept escalating attacks.

Trump's initial cyberteam decided to be far more public in calling out Russian activity. In early 2018, it named Russia as the country responsible for "the most destructive cyberattack in human history," which paralyzed much of Ukraine and affected American companies including Merck and FedEx.

When Nakasone took over both Cyber Command and the National Security Agency a year ago, his staff was assessing Russian hackings on targets that included the Wolf Creek Nuclear Operating Corp., which runs a nuclear power plant near Burlington, Kan., as well as previously unreported attempts to infiltrate Nebraska Public Power District's Cooper Nuclear Station, near Brownville. The hackers got into communications networks, but never took over control systems.

In August, Nakasone used the new authority granted to Cyber Command by the secret presidential directive to overwhelm the computer systems at Russia's Internet Research Agency -- the group at the heart of the hacking during the 2016 election in the United States. It was one of four operations his Russia Small Group organized around the midterm elections. Officials have talked publicly about those, though they have provided few details.

But the recent actions by the United States against the Russian power grids, whether as signals or potential offensive weapons, appear to have been conducted under the new congressional authorities.

As it games out the 2020 elections, Cyber Command has looked at the possibility that Russia might try selective power blackouts in key states, some officials said. For that, they said, they need a deterrent.

In the past few months, Cyber Command's resolve has been tested. For the past year, energy companies in the United States and oil and gas operators across North America discovered their networks had been examined by the same Russian hackers who dismantled the safety systems in 2017 at Petro Rabigh, a Saudi petrochemical plant and oil refinery.

The question now is whether placing the equivalent of land mines in a foreign power network is the right way to deter Russia. While it parallels Cold War nuclear strategy, it also enshrines power grids as a legitimate target.

"We might have to risk taking some broken bones of our own from a counterresponse, just to show the world we're not lying down and taking it," said Robert Silvers, a partner at the law firm Paul Hastings and former Obama administration official. "Sometimes you have to take a bloody nose to not take a bullet in the head down the road."

A Section on 06/16/2019

Print Headline: Cyber-strategy targets Russian power grids


Archived Comments

  • 23cal
    June 16, 2019 at 6:14 a.m.

    "Pentagon and intelligence officials described broad hesitation to go into detail with Trump about operations against Russia for concern over his reaction -- and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister."
    They know he is a Russian puppet and an incompetent, irresponsible blowhard. By the way, our allies and their intelligence agencies know the same thing.

  • RBear
    June 16, 2019 at 7:35 a.m.

    I know some of the Trump minions will hurl attacks at Obama about this, but this statement pretty much details where things were at at the time. "But Obama was reluctant to respond to such aggression by Russia with counterattacks, partly for fear that the United States' infrastructure was more vulnerable than Moscow's and partly because intelligence officials worried that by responding in kind, the Pentagon would expose some of its best weaponry."
    The point then was that it would be far more dangerous to launch aggressive actions against Russia when our own grid was almost wide open and could be compromised more easily. During that time, those involved with securing our nation's infrastructure began shoring up defenses to lay the foundation for where we are today. Until we could provide more confidence on our own nation's security, it would have been foolish to attack Russia for fear of even greater and more widespread response.
    What is interesting is how this area could become the next battlefront and why there is an even greater need to close the gaps in cybersecurity across the nation. A couple of years ago, I sat in on a briefing by SANS's Internet Storm Center where they described activities by Russia against smaller nations, using them as sort of a playground to test the infrastructure since US companies often supplied the systems used in those countries. It gave them a way to test the attacks to see what might be successful and where to focus.
    But, our nation has been stepping up defenses of infrastructure with more focus being placed on training and threat assessments of those systems. One such example is SANS's Cyber City NetWars activity that is being held in more SANS conferences. It provides security professionals an opportunity to learn about attacks and defenses against infrastructure.
    Arkansas is also taking steps to address these needs with the creation and development of the American Cyber Alliance, a group focused on providing training and collaboration among cybersecurity specialists in the state. It's partnered with both DHS and the Arkansas National Guard to help bring the strongest talents to help companies and organizations in Arkansas improve their own cybersecurity environments.

  • UoABarefootPhdFICYMCA
    June 16, 2019 at 12:19 p.m.

    The KKKshemites of elitist governance are now doing the very same thing they were accusing these states of.

  • UoABarefootPhdFICYMCA
    June 16, 2019 at 12:20 p.m.

    These people, these officials who have accused and now do the very same thing, they are whores and they have whore hypocrite warhawk fans at home.

  • UoABarefootPhdFICYMCA
    June 16, 2019 at 1:04 p.m.

    There is no war with Russia, it's all a lie until the day your MASTER DECIDES YOU DIE.

  • 0boxerssuddenlinknet
    June 16, 2019 at 5:31 p.m.

    Said the new authority to do this was granted by the White House and the Congress last year. Still I don't like the idea of publicizing the plan even though we know that the Russians have already done it to us. Wish we had the money to build in more redundancies into our electric grid. Guess we just have to make sure we have plenty of cash on hand, bottled water, medical supplies, candles, a honey bucket, a grill and some dried food.

  • UoABarefootPhdFICYMCA
    June 16, 2019 at 6:18 p.m.

    These people are so far away, and while I used to be a fan of Bolton, his nose has grown and grown and grown.
    Now he is in Russia.
    It's all about the oil people.
    It's ALL about zionism.
    le sigh

    June 16, 2019 at 6:38 p.m.

    Russia is our threat. Then we have an arse kisser of Putin. That happens to be our potus. Is this treason, or just another of Trump's bad deal negotiation (knees, or all fours)?

  • Waitjustaminute
    June 16, 2019 at 7:35 p.m.

    JimGail, that's pathetic. Your statement "then we have an arse kisser of Putin. That happens to be our potus" is about three years too late. Our former potus was Putin's arse kisser: "this will be my last election. After the election, I will have more flexibility." "The 1980s just called; they want their foreign policy back." And responding to the election threats by taking Putin aside at their 2016 meeting, and "asking" him to stop.
    Now under Trump, we're finally getting serious with them. And you liberals can't stop your knee-jerk Pavlovian responses about how Trump is Putin's punk.

  • RBear
    June 16, 2019 at 8:02 p.m.

    WJAM your Trump shilling revisionist views are what's pathetic. 23cal called you out in another post and you ducked and dodged so much, I thought you were going to throw your back out. Never answered his questions to your revisionist timeline. Such a joke.