China, Cambodia agree to nuclear energy cooperation

Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

An October, 2017 report by researchers at Symantec Corp., cited by the U.S. government, has linked recent US power grid cyber attacks to a group of hackers it had code-named "Dragonfly", and said it found evidence critical infrastructure facilities in Turkey and Switzerland also had been breached.

The Symantec researchers said an earlier wave of attacks by the same group starting in 2011 was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

#google#

While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he says.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,”

In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory, and built web shells to gain command and control of targeted systems.

“This actors’ campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers. he said.
 

Related News

• Electricity Forum News

• Grid Technologies News

Russian cyberattacks on U.S. power grid exposed DHS warnings: Dragonfly/Energetic Bear breached control rooms, ICS networks, and could trigger blackouts via switch manipulation, phishing, and malware, threatening critical infrastructure and utility operations nationwide.

Key Points

State-backed breaches of utility ICS and control rooms enabled potential switch manipulation and blackouts.

✅ DHS: Dragonfly/Energetic Bear breached utility networks

✅ Access reached control rooms and ICS for switch control

✅ Ongoing campaign via phishing, malware, lateral movement

Russian hackers for a state-sponsored organization invaded hundreds of control rooms of U.S. electric utilities that could have led to blackouts, a new report says.

The group, known as Dragonfly or Energetic Bear, infiltrated networks of U.S. utilities as part of an effort that is likely ongoing, Department of Homeland Security officials told the Wall Street Journal.

Jonathan Home, chief of industrial-control-system analysis for DHS, said the hackers “got to the point where they could have thrown switches” and upset power flows.

Although the agency did not disclose which companies were impacted, the officials at a briefing Monday said that there were “hundreds of victims” including breaches at power plants across the U.S., and that some companies may not be aware that hackers infiltrated their networks yet.

According to experts, Russia has been preparing for such attacks for some time now, prompting a renewed focus on protecting the grid among utilities and policymakers.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said former Deputy Assistant Defense Secretary Michael Carpenter, now senior director at the Penn Biden Center at the University of Pennsylvania, per the Wall Street Journal. “They are waging a covert war on the West.”

Earlier this year, the Trump administration claimed Russia had staged a power grid hacking campaign against the U.S. energy grid and other U.S. infrastructure.

The report comes after President Trump told reporters last week during a joint press conference in Helsinki alongside Russian President Vladimir Putin that he had no reason not to believe the Russian leader's assurances to him that the Kremlin was not to blame for interference in the election.

Trump later admitted that he misspoke when he said he didn’t “see any reason why” Russia would have meddled in the 2016 election, and said he believes the U.S. intelligence community assessment that found that the Russian government did interfere in the electoral process.

Related News

• Electricity Forum News

• Grid Technologies News

U.S. Power Grid Cybersecurity combats DHS-FBI flagged threats to energy infrastructure, with PJM Interconnection using ICS/SCADA segmentation, phishing defenses, incident response, and resilience exercises against Russia-linked attacks and pipeline intrusions.

Key Points

Strategies, controls, and training that protect U.S. electric infrastructure from cyber threats and disruptions.

✅ ICS/SCADA network segmentation and zero-trust architecture

✅ Employee phishing drills and incident response playbooks

✅ DOE-led grid exercises and threat intelligence sharing

The joint alert from the FBI and Department of Homeland Security last month warning that Russia was hacking into critical U.S. energy infrastructure, as outlined in six essential reads on Russian hacks from recent coverage, came as no surprise to the nation’s largest grid operator, PJM Interconnection.

“You will never stop people from trying to get into your systems. That isn’t even something we try to do.” said PJM Chief Information Officer, Tom O’Brien. “People will always try to get into your systems. The question is, what controls do you have to not allow them to penetrate? And how do you respond in the event they actually do get into your system?”

PJM is the regional transmission organization for 65 million people, covering 13 states, including Pennsylvania, and Washington D.C.

On a rainy day in early April, about 10 people were working inside PJM’s main control center, outside Philadelphia, closely monitoring floor-to-ceiling digital displays showing real-time information from the electric power sector throughout PJM’s territory in the mid-Atlantic and parts of the midwest, amid reports that hackers accessed control rooms at U.S. utilities.

#google#

Donnie Bielak, a reliability engineering manager, was overseeing things from his office, perched one floor up.

“This is a very large, orchestrated effort that goes unnoticed most of the time,” Bielak said. “That’s a good thing.”

But the industry certainly did take notice in late 2015 and early 2016, when hackers successfully disrupted power to the Ukrainian grid. The outages lasted a few hours and affected about 225,000 customers. It was the first publicly-known case of a cyber attack causing major disruptions to a power grid. It was widely blamed on Russia.

One of the many lessons of the Ukraine attacks was a reminder to people who work on critical infrastructure to keep an eye out for odd communications.

“A very large percentage of entry points to attacks are coming through emails,” O’Brien said. “That’s why PJM, as well as many others, have aggressive phishing campaigns. We’re training our employees.”

O’Brien doesn’t want to get into specifics about how PJM deals with cyber threats. But one common way to limit exposure is by having separate systems: For example, industrial controls in a power plant are not connected to corporate business networks, a separation underscored after breaches at U.S. power plants prompted reviews across the sector.

Since 2011, North American grid operators and government agencies have also done large, security exercises every two years. Thousands of people practice how they’d respond to a coordinated physical or cyber event, including rising substation attacks that highlight resilience gaps.

So far, nothing like that has happened in the U.S. It’s possible, but not likely, according to Robert M. Lee, a former military intelligence analyst, who runs the industrial cybersecurity firm Dragos.

“The more complex the system, the harder it is to have a scalable attack,” said Lee, who co-authored a report analyzing the Ukraine attacks. “If you wanted to take out a power generation station– that isn’t the most complex thing. Let’s say you cause an hour of outage. But now you want to cause two months of outages? That’s an exponential increase in effort required.”

For example, he said, it would very difficult for hackers to knock out power to the entire east coast for a long time. But briefly disrupting a major city is easier. That’s the sort of thing that keeps him up at night.

“I worry about an adversary getting into, maybe, Washington D.C.’s portion of the grid, taking down power for 30 minutes,” he said.

The Department of Energy is creating a new office focused on cybersecurity and emergency response, following the U.S. government’s condemnation of power grid hacking by Russia.

Deterrence may be one reason why there has not yet been a major attack on the U.S. grid, said John MacWilliams, a former senior DOE official who’s now a fellow at Columbia University’s Center on Global Energy Policy.

“That’s obviously an act of war,” he said. “We have the capability of responding either through cyber mechanisms or kinetic military.”

In the meantime, small-scale incidents keep happening.

This spring, another cyber attack targeted natural gas pipelines. Four companies shut down their computer systems, just in case, but they say no service was disrupted.

Related News

• Electricity Forum News

• Grid Technologies News

Northeast D.C. Power Outage highlights Pepco substation equipment failure, widespread service disruptions, grid reliability concerns, and restoration efforts, with calls for smart grid upgrades, better communication, and resilient infrastructure to protect residents, schools, and businesses.

Key Points

A Pepco substation failure caused outages, prompting restoration work and plans for smarter, resilient grid upgrades.

✅ Pepco cites substation equipment failure as root cause

✅ Crews prioritized rapid restoration and customer updates

✅ Calls grow for smart grid, resilience, and transparency

A recent power outage affecting Northeast Washington, D.C., has drawn attention to the vulnerabilities within the city’s energy infrastructure. The outage, caused by equipment failure at a Pepco substation, left thousands of residents in the dark and raised concerns about the reliability of electricity services in the area.

The Outage: What Happened?

On a typically busy weekday morning, Pepco, the local electric utility, reported significant power disruptions that affected several neighborhoods in Northeast D.C. Initial reports indicated that around 3,000 customers were without electricity due to issues at a nearby substation. The outages were widespread, impacting homes, schools, and businesses, and reflecting pandemic energy insecurity seen in many communities, creating a ripple effect of inconvenience and frustration.

Residents experienced not only the loss of power but also disruptions in daily activities. Many were unable to work from home, students faced challenges with remote learning, and businesses had to close or operate under limited conditions. The timing of the outage further exacerbated the situation, as it coincided with a period of increased demand for electricity, making efforts to prevent summer outages even more crucial for residents and businesses.

Community Response

In the wake of the outage, local community members and leaders quickly mobilized to assess the situation. Pepco crews were dispatched to restore power as swiftly as possible, but residents were left grappling with the immediate consequences. Local organizations and community leaders stepped in to provide support, especially as extreme heat can exacerbate electricity struggles for vulnerable households, offering resources such as food and shelter for those most affected.

Social media became a vital tool for residents to share information and updates about the situation. Many took to platforms like Twitter and Facebook to report their experiences and seek assistance. This grassroots communication helped keep the community informed and fostered a sense of solidarity during the disruption.

The Utility's Efforts

Pepco’s response involved not only restoring power but also addressing the underlying issues that led to the outage. The utility company communicated its commitment to investigating the cause of the equipment failure and ensuring that similar incidents would be less likely in the future. As part of this commitment, Pepco outlined plans for infrastructure upgrades, despite supply-chain constraints facing utilities nationwide, aimed at enhancing reliability across its service area.

Moreover, Pepco emphasized the importance of communication during outages. The company has been working to improve its notification systems, ensuring that customers receive timely updates about outages and restoration efforts. Enhanced communication can help mitigate the frustration experienced during such events and keep residents informed about when they can expect power to be restored.

Broader Implications for D.C.'s Energy Infrastructure

This recent outage has sparked a larger conversation about the resilience of Washington, D.C.’s energy infrastructure. As the city continues to grow and evolve, the demand for reliable electricity is more critical than ever. Frequent outages can undermine public confidence in utility providers and highlight the need for ongoing investment in infrastructure amid an aging U.S. grid that complicates renewable deployment and EV adoption across the country.

Experts suggest that to ensure a more reliable energy supply, utilities must embrace modernization efforts, including the integration of smart grid technology and renewable energy sources. These innovations can enhance the ability to manage electricity supply and demand, especially during unprecedented demand in the Eastern U.S. when heatwaves strain systems, reduce outages, and improve response times during emergencies.

The Path Forward

In response to the outage, community advocates are calling for greater transparency from Pepco and other utility companies. They emphasize the importance of holding utilities accountable for maintaining reliable service and communicating effectively with customers, while also promoting customer bill-reduction initiatives that help households manage costs. Public forums and discussions about energy policy can empower residents to voice their concerns and contribute to solutions.

As D.C. looks to the future, it is essential to prioritize investments in energy infrastructure that can withstand the demands of a growing population. Collaborations between local government, utility companies, and community organizations can drive initiatives aimed at enhancing resilience and ensuring that all residents have access to reliable electricity.

The recent power outage in Northeast D.C. serves as a reminder of the challenges facing urban energy infrastructure. While Pepco's efforts to restore power and improve communication are commendable, the incident highlights the need for long-term solutions to enhance reliability. By investing in modern technology and fostering community engagement, D.C. can work towards a more resilient energy future, ensuring that residents can count on their electricity service even in times of crisis.

Related News

• Electricity Forum News

• Energy Policy News

UK Free Electricity Debate weighs soaring energy prices against market regulation, renewables, and social equity, examining price caps, funding via windfall taxes, grid investment, and consumer protection in the UK's evolving energy policy landscape.

Key Points

A policy dispute over free power, balancing consumer relief with market stability, renewables, and investment.

✅ Pros: relief for households; boosts efficiency and green adoption.

✅ Cons: risks to market signals, quality, and grid investment.

✅ Policy options: price caps, windfall taxes, targeted subsidies.

In recent months, the debate over free electricity in the UK has intensified, revealing a divide within the energy sector. With soaring energy prices and economic pressures impacting consumers, the discussion around providing free electricity has gained traction. However, the idea has sparked significant controversy among industry stakeholders, each with their own perspectives on the feasibility and implications of such a move.

The Context of Rising Energy Costs

The push for free electricity is rooted in the UK’s ongoing energy crisis, exacerbated by geopolitical tensions, supply chain disruptions, and the lingering effects of the COVID-19 pandemic. As energy prices reached unprecedented levels, households faced the harsh reality of skyrocketing bills, prompting calls for government intervention to alleviate financial burdens.

Supporters of free electricity argue that it could serve as a vital lifeline for struggling families and businesses. The proposal suggests that by providing a certain amount of electricity for free, the government could help mitigate the effects of rising costs while encouraging energy conservation and efficiency.

Industry Perspectives

However, the notion of free electricity has not been universally embraced within the energy sector. Some industry leaders express concerns about the financial viability of such a scheme. They argue that providing free electricity could undermine the market dynamics that incentivize investment in infrastructure and renewable energy, in a market already exposed to natural gas price volatility today. Critics warn that if energy companies are forced to absorb costs, it could lead to diminished service quality and investment in necessary advancements.

Additionally, there are worries about how free electricity could be funded. Proponents suggest that a tax on energy companies could generate the necessary revenue, but opponents question whether this would stifle innovation and competition. The fear is that placing additional financial burdens on energy providers could ultimately lead to higher prices in the long run.

Renewable Energy and Sustainability

Another aspect of the debate centers around the UK’s commitment to transitioning to renewable energy sources. Supporters of free electricity emphasize that such a policy could encourage more widespread adoption of green technologies by making energy more accessible. They argue that by removing the financial barriers associated with energy costs, households would be more inclined to invest in solar panels, heat pumps, and other sustainable solutions.

On the other hand, skeptics contend that the focus should remain on ensuring a stable and reliable energy supply as the UK moves toward its climate goals. They caution against implementing policies that might disrupt the balance of the energy market, potentially hindering the necessary investments in renewable infrastructure.

Government's Role

As discussions unfold, the government’s role in this debate is crucial. Policymakers must navigate the complex landscape of energy regulation, market dynamics, and consumer needs. The government has already introduced measures aimed at assisting vulnerable households, such as energy price caps and direct financial support. However, the question remains whether these initiatives go far enough in addressing the root causes of the energy crisis.

In this context, the government faces pressure from both consumers demanding relief and industry leaders advocating for market stability, including proposals to end the link between gas and electricity prices to curb price volatility. The challenge lies in finding a middle ground that balances immediate support for households with long-term sustainability and investment in the energy sector.

Future Implications

The ongoing debate about free electricity in the UK underscores broader themes related to energy policy, market regulation, and social equity, with rising electricity prices abroad offering context for comparison. As the country navigates its energy transition, the decisions made today will have far-reaching implications for both consumers and the industry.

If the government chooses to pursue a model that includes free electricity, it will need to carefully consider how to implement such a system without jeopardizing the market. Transparency, stakeholder engagement, and thorough impact assessments will be essential to ensure that any new policies are sustainable and equitable.

Conversely, if the concept of free electricity is ultimately rejected, the focus will likely shift back to addressing energy costs through other means, such as enhancing energy efficiency programs or increasing support for vulnerable populations.

The divide within the UK’s energy industry regarding free electricity highlights the complexities of balancing consumer needs with market stability. As the energy crisis continues to unfold, the conversations surrounding this issue will remain at the forefront of public discourse. Ultimately, finding a solution that addresses the immediate challenges while promoting a sustainable energy future will be key to navigating this critical juncture in the UK’s energy landscape.

Related News

• Electricity Forum News

• Energy Policy News

ComEd Hosting Capacity Map helps Illinois communities assess photovoltaic capacity, distributed energy resources, interconnection limits, and grid planning needs, guiding developers and policymakers on siting solar, net metering feasibility, and RPS-aligned deployment by circuit.

Key Points

An online tool showing circuit-level DER capacity, PV limits, and interconnection readiness across ComEd.

✅ Circuit-level estimates of solar hosting capacity

✅ Guides siting, interconnection, and net metering

✅ Supports RPS goals with grid planning insights

As the Illinois solar market grows from the Future Energy Jobs Act, the largest utility in the state has posted a planning tool to identify potential PV capacity in their service territory. ComEd, a Northern Illinois subsidiary of Exelon, has a hosting capacity website for its communities indicating how much photovoltaic capacity can be sited in given areas, based on the existing electrical infrastructure, as utilities pilot virtual power plant programs that leverage distributed resources.

According to ComEd’s description, “Hosting Capacity is an estimate of the amount of DER [distributed energy resources] that may be accommodated under current configurations at the overall circuit level without significant system upgrades to address adverse impacts to power quality or reliability.” This website will enable developers and local decision makers to estimate how much solar could be installed by township, sections and fractions of sections as small as ½ mile by ½ mile and to gauge EV charging impacts with NREL's projection tool for distribution planning. The map sections indicate potential capacity by AC kilowatts with a link to to ComEd’s recently upgraded Interconnection and Net Metering homepage.

The Hosting Map can provide insight into how much solar can be installed in which locations in order to help solar reach a significant portion of the Illinois Renewable Portfolio Standard (RPS) of 25% electricity from renewable sources by 2025, and to plan for transportation electrification as EV charging infrastructure scales across utility territories. For example, the 18 sections of Oak Park Township capacity range from 612 to 909 kW, and total 13,260 kW of photovoltaic power. That could potentially generate around 20 million kWh, and policy actions such as the CPUC-approved PG&E EV program illustrate how electrification initiatives may influence future demand. Oak Park, according to the PlanItGreen Report Card, a joint project of the Oak Park River Forest Community Foundation and Seven Generations Ahead, uses about 325 million kWh.

Based on ComEd’s Hosting Capacity, Oak Park could generate about 6% of its electricity from solar power located within its borders. Going significantly beyond this amount would likely require a combination of upgrades by ComEd’s infrastructure, potentially higher interconnection costs and deployment of technologies like energy storage solutions. What this does indicate is that a densely populated community like Oak Park would most likely have to get the majority of its solar and renewable electricity from outside its boundaries to reach the statewide RPS goal of 25%. The Hosting Capacity Map shows a considerable disparity among communities in ½ mile by ½ mile sections with some able to host only 100-200 kWs to some with capacities of over 3,000 kW.

Related News

• Electricity Forum News

• Renewable Energy News