www.washingtonpost.com
104.89.37.22  Public Scan

URL: https://www.washingtonpost.com/national-security/2022/04/06/russia-cyber-attack-threat-energy/
Submission: On April 08 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET https://www.washingtonpost.com/newssearch/

<form id="search-form" method="get" class="search-form dn flex-ns items-center relative" action="https://www.washingtonpost.com/newssearch/" role="search"><label for="query" aria-labelledby="searchTitle"><input type="text" id="query"
      autocomplete="off" name="query" class="no-shadow text-input brad-4 font-xxxs pa-0 b-none dn hidden" style="width:0;height:34px;line-height:20px;transition:all 0.25s cubic-bezier(0.49, 0.37, 0.45, 0.71)" placeholder="Search" aria-label="search"
      value=""></label><span id="searchTitle" class="dn">Search Input</span><button type="submit" name="btn-search" class="pa-0 focus-highlight btn btn-sm dn dib-ns btn-show-search-input btn-gray" aria-label="search"><svg
      class="content-box fill-white va-m" width="16" height="16" viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" role="img">
      <title>Search</title>
      <path d="M10.974 9.56l3.585 3.585-1.414 1.414-3.585-3.585a5.466 5.466 0 1 1 1.414-1.414zm-1.04-3.094a3.466 3.466 0 1 0-6.934 0 3.466 3.466 0 0 0 6.933 0z" fill-rule="nonzero"></path>
    </svg></button></form>

Text Content

The Washington Post

Cables meet at a desk input point inside the control room at the Greater Des
Moines Energy Center in Pleasant Hill, Iowa, on March 29. (KC McGinnis for The
Washington Post)
National Security


U.S. GOVERNMENT AND ENERGY FIRMS CLOSE RANKS, FEARING RUSSIAN CYBERATTACKS


THE UKRAINE WAR HAS PUT THEM ON HIGH ALERT

By Ellen Nakashima
April 6, 2022 at 12:32 p.m. EDT

DES MOINES — In February, as Russian troops massed on Ukraine’s border,
executives with a major energy firm here worked with U.S. energy and homeland
security officials to draw up a playbook and help prepare the electricity sector
to deal with potential cyberattacks by Russia.

Berkshire Hathaway Energy officers were among the small group that wrote the
guidelines, which stressed the importance of quickly sharing cyberattack
information between industry and government.




With President Biden warning last month of evolving intelligence that Russia is
exploring possible cyberattacks against American critical industries, companies
such as Berkshire Hathaway Energy and the U.S. government are on high alert.
After years of what critics saw as lip service, cybersecurity collaboration
between the federal government and some critical industries has taken root,
officials and industry leaders say, and it could be put to the test as Russian
government hackers probe the defenses of American power plants, banks and
telecommunications networks.


“The collaboration between government and the private sector has seen
exponential improvement over the last couple of years,” said Bill Fehrman,
president and chief executive of Berkshire Hathaway Energy (BHE), which provides
electricity generated by wind, solar, natural gas and coal to 12 million
customers in the United States, Canada and Britain. “The main benefit,” he said,
“is the more efficient transfer of information from the front line — the
companies — to the government, and getting usable information back from the
government in a timely manner.”




In particular, he said, the declassification of information from the government
“has gone from months to in some cases hours.”



BHE is so large — one of the biggest electricity companies in North America by
number of customers — that if its systems were disrupted by a Russian
cyberattack, officials say, the impact on Americans’ lives would be substantial.
At the same time, they say, practices such as those adopted by BHE, whose CEO
chairs the electricity sector group that coordinates with the federal
government, can serve as a model for the industry.

As a chill wind whipped off the farm fields an hour northwest of Des Moines, the
warmth from a 10,000-horsepower engine and the smell of oil filled a compressor
room. The engine, chugging so loudly workers wear earplugs, powers pistons that
compress natural gas. The compressor station in Ogden is one stop along the
13,000-mile-long Northern Natural Gas pipeline, which is part of BHE and studded
with similar stations every 60 miles or so. The compressed gas is fed from one
station to another in relay fashion, serving homes, hospitals and power plants
from Bakersfield, Tex., to Michigan’s Upper Peninsula.





There has never been a cyberattack on any industrial control system within BHE
and its 11 subsidiaries. That is because of strict security measures imposed
over the past eight years, said Chief Security Officer Michael Ball. No
operational network is connected to the Internet, and third-party vendors coming
in to do maintenance follow stringent rules, including a ban on plugging any
outside hardware into the system.

But although its industrial control or operational technology (OT) systems are
not connected to the Internet, the company still has to ensure that traffic
flowing within its systems is not contaminated by malware.

In a campaign launched by the White House a year ago to boost the cyberdefenses
of critical sectors, BHE deployed sensor software in its OT networks to look for
malicious activity and vulnerabilities. The software it chose, developed by a
company called Dragos, detects suspicious traffic from nation-state actors. It
also anonymizes the data and makes it available to analysts at the National
Security Agency, the Energy Department and the Department of Homeland Security’s
Cybersecurity and Infrastructure Security Agency (CISA).

“We have confirmed foreign states are active in their targeting of U.S. energy
industrial control systems,” said Robert M. Lee, CEO of Dragos, whose software
allows the government to send queries to the companies to see whether they have
detected the presence of certain adversaries.




By the end of the first 100-day campaign, which focused on electricity
companies, almost 60 percent of electricity customers in the United States were
covered by companies that had or pledged to have commercial cyberthreat sensors
on their OT networks, said Fehrman, who coordinated the effort across the
sector.

Work with the natural gas sector followed, and in January an effort for the
water sector began.

“If power is disrupted, or if oil and gas is disrupted, or if clean water is
disrupted, that really affects Americans’ lives,” said Anne Neuberger, deputy
U.S. national security adviser for cyber and emerging technology. “The
collaboration between companies and with the government, the deployment of
commercial sensors, the deepened information-sharing has been an important
contribution to the sectors’ resilience,” she said.

Though Biden’s warning last month was based on intelligence gathered by the U.S.
government, the sensors were helpful for additional insight, U.S. officials
said.

Five years ago, Russian government hackers penetrated the OT systems of some
American electricity companies, but the intrusions were not detected
immediately. It took some companies months to realize they had been infiltrated.
The sensors should cut that time drastically, U.S. and company officials said.

Last year, Russian criminals carried off a ransomware attack on Colonial
Pipeline, snarling up the company’s administrative computer network. Out of fear
that the malware might spread to the OT system, the company shut down its fuel
pipeline for five days, prompting panic-buying at gas stations on the East Coast
and raising concerns that Russia might target other critical companies.


The abundance of targets in American industry prompted CISA to issue a call in
February to companies to harden their cyberdefenses in a campaign the agency
dubbed “Shields Up.”




On a recent day, a senior threat intelligence analyst at BHE’s global security
operations center pulled up a dashboard on a large screen on a wall, displaying
some 3,000 Russian “indicators of compromise,” or IP addresses and other digital
clues that had been tied to cyberattacks on Ukraine government systems since
January. The IOCs, as they are called, came from the DHS; the Canadian Center
for Cyber Security, a government agency; and the Energy Department; as well as
an industry information-sharing collective and private threat intelligence
companies.

In years past, companies might get this sort of data, but by the time it got to
them, “chances are really good I already knew about it,” BHE’s Ball said. “Now
it’s flipped, and we’re seeing stuff faster, more of the stuff we haven’t
already heard about.”

And, more importantly, company executives say, the quality of some of that
information has improved.

“We have been getting ‘actionable intelligence’ — extremely helpful feedback
that we can implement,” Fehrman said. That is intelligence obtained through U.S.
government penetration of adversaries’ systems overseas and enhanced with more
information that, for instance, tells companies what threat is really
significant, what techniques the hackers are using, what machines they are
targeting — sometimes down to make and model — and what defensive actions should
be taken as a result.




A major milestone in facilitating some of the cooperation driven by the Ukraine
crisis was a congressional mandate that CISA set up a 24/7 center for the
real-time sharing of threat information that includes personnel from key
industrial sectors as well as from the FBI, the DHS, the NSA and the Energy and
Treasury departments. The result was the launch last summer of what CISA
Director Jen Easterly named the Joint Cyber Defense Collaborative.

The JCDC has “created a beachhead,” said Tom Fanning, CEO of the energy giant
Southern and a member of the Cyberspace Solarium Commission, which recommended
the formation of the collaborative. “As we mature the process, it will get
better and better and better.”




A major spoke off the JCDC information-sharing hub is the Energy Department’s
Energy Threat Analysis Center, created in January to enable companies and the
government to jointly analyze threats and develop measures to deal with them.

It will also feed that information back to the JCDC. “If we’re seeing a threat
to an energy industrial control system, we certainly want to make sure that
information gets out to other sectors like water and chemical, [which] have
similar systems,” said Puesh Kumar, director of the department’s Office of
Cybersecurity, Energy Security and Emergency Response.




In February, the White House put CISA Executive Director Brandon Wales in charge
of an effort to ensure the government can handle a cyberattack from the
Russians, including any resulting physical consequences in the public or private
sectors.


“On the whole we are more prepared now than ever before,” Wales said.

“Russian malicious cyber actors have posed a high threat to the U.S. government
and the critical infrastructure since before the invasion of Ukraine,” he said,
“and they will present a threat after this current crisis is resolved.”


