By Matthew Daly, Associated Press
WASHINGTON — A Russian government hacking operation aimed at the U.S. power grid did not compromise operations at any of the nation’s commercial nuclear power plants, federal regulators and the nuclear industry said Friday.
Corporate networks at some of the 99 plants licensed by the Nuclear Regulatory Commission were affected by the 2017 hack aimed at the energy grid and other infrastructure, but no safety, security or emergency preparedness functions were impacted, the NRC said in a statement.
U.S. nuclear plants are designed as operational “islands” that are not connected to the internet and other networks. Nuclear power provides about 20 percent of the nation’s electricity.
The Nuclear Energy Institute, an industry lobbying group, said the Russian hacking campaign targeting U.S. infrastructure “demonstrated that America’s nuclear plants can withstand a nation-state sponsored attack.”
The Trump administration accused Moscow on Thursday of an elaborate plot to penetrate America’s electric grid, factories, water supply and even air travel through cyber hacking.
U.S. national security officials said the FBI, Department of Homeland Security and intelligence agencies determined Russian intelligence and others were behind a broad range of cyberattacks starting a year ago. Russian hackers infiltrated the networks that run the basic services Americans rely on each day: nuclear power, water and manufacturing plants.
U.S. officials said the hackers chose their targets methodically, obtained access to computer systems, conducted “network reconnaissance” and then attempted to cover their tracks by deleting evidence of the intrusions. The U.S. government has helped the industries expel the Russians from all systems known to have been penetrated, but additional breaches could be discovered, officials said.
The NRC, in its statement Friday, said the five-member commission and the nuclear industry “are vigilant in cybersecurity. Every nuclear power facility must meet the NRC’s regulations for an approved cybersecurity program, which includes separation of critical and non-critical systems.”
Energy Secretary Rick Perry said his department worked closely with other agencies and energy providers to help ensure that hacking attempts “failed or were stopped.”
Perry said he is creating an Office of Cyber Security and Emergency Response to consolidate and strengthen efforts to “combat the growing nefarious cyber threats we face.”
The accusations that Russia was behind the cyberattacks on U.S. infrastructure came as the Trump administration targeted Russians with sanctions for alleged election meddling for the first time since President Donald Trump took office.
The list of Russians being punished includes all 13 indicted last month by special counsel Robert Mueller, a tacit acknowledgement by the administration that at least some of Mueller’s Russia-related probe has merit.
Trump has repeatedly sought to discredit Mueller’s investigation into Russian interference in the presidential election, but the sanctions appeared to rely on the special counsel’s legal conclusions in deciding who should be named. The sanctions freeze any assets the individuals may have in U.S. jurisdictions and bar Americans from doing business with them.