Jack Goldsmith talks about the vulnerabilities of the U.S. energy infrastructure on Lawfare:
Moreover, the U.S. government has for many years warned that foreign adversaries have penetrated U.S. networks in ways that could be preparation for devastating cyberattacks. As long ago as November 2014, NSA director Mike Rogers warned that China and “probably one or two other countries” were inside the networks that controlled U.S. critical infrastructure, including the power grid, and could thus attack or disrupt those networks. At least twice in 2017, the U.S. government warned that foreign hackers had penetrated the computer networks of companies that run energy facilities in the United States. In November 2017, Symantec reported that hackers, including ones linked to the Russian government, had gained access to the computer networks of electrical utility companies.
So there is little that is new or surprising in the revelation that Russia is probing and placing potentially offensive implants in the computers that operate the U.S. electrical grid. But of course the revelation comes in the context of deep anxiety about Russian interference in the 2016 election and is exacerbated by deteriorating relations between Russia and the West.
The news that Russia and other adversary nations are deeply embedded in U.S. critical infrastructure networks—and that we are embedded in theirs—raises at least the following questions:
