US Cyber Command powers up attacks against Russia's electrical grid

Aggressive moves to implant malware are both a warning and an effort to enable crippling attacks if necessary, says The New York Times.

Edward Moyer Senior Editor
A US Army cadet during a cyberdefense exercise.


The US military's Cyber Command has gotten more aggressive than ever against Russia in the past year, placing "potentially crippling malware" in systems that control the country's electrical grid, says a report. Made possible by little-noticed legal authority granted last summer by Congress, Cyber Command's strategy shift from a defensive to an offensive posture is meant in part as a warning shot, but it's also designed to enable paralyzing cyberattacks in the event of a conflict, The New York Times said Saturday, quoting unnamed officials.

The agency's actions can now be OK'd by the defense secretary without a special presidential thumbs-up, the Times said. And the recent moves appear to have taken place under a military authorization bill Congress passed in 2018 that gives the go-ahead for "clandestine military activity" in cyberspace to "deter, safeguard or defend against attacks or malicious cyberactivities against the United States."

The more-aggressive stance comes amid worries about Russian interference in the 2020 US presidential election, but strategies and concerns around cyberwarfare have been ramping up for some time. Red flags have included Russia's shutdown of part of Ukraine's power grid in 2015, as well as reports that a Russian government-sponsored group ID'ed as Dragonfly or Energetic Bear had been able to gain access to the control rooms of US electric utilities in 2017.

Cyber Command also received new authority last year from the US president under a still-classified document called National Security Presidential Memorandum 13, the Times said. The agency's "Russia Small Group" tapped that authority to, among other things, "overwhelm" computers used by the Internet Research Agency, the Russia-backed group indicted by the US Department of Justice for a campaign of fake news and trolling during the 2016 election.

The Times said Cyber Command is concerned Russia could trigger selective power outages in key states during the 2020 election and that it needs a way to discourage such attacks. But the agency and the US have to consider their moves carefully in this international game of cyberchess.

"The question now is whether placing the equivalent of land mines in a foreign power network is the right way to deter Russia," the Times report says. "While it parallels Cold War nuclear strategy, it also enshrines power grids as a legitimate target."

Cyber Command didn't respond to a request for comment.

In related news, Bloomberg reported Friday that a Russia-linked hacking group that shut down an oil and gas facility in Saudi Arabia in 2017 has been probing utilities in the US since late last year.

Originally published June 15, 11:26 a.m. PT.
Update, 11:33 a.m.: Adds mention of Bloomberg report.