Jen Easterly: We see evolving information about Russian planning for possible attacks. And we have to assume that there will be a violation. There will be an incident. There will be an attack.

Jen Easterly is the director of the Cybersecurity and Infrastructure Security Agency. Known by the acronym CISA, the agency helps secure computer networks in 16 areas considered vital to national security, such as energy, finance and communications.

Jen Easterly: Anything that can affect critical infrastructure.

Easterly is not your typical bureaucrat. She is a decorated, retired Army officer with two Bronze Stars, who is also decorated with a tattoo and nails painted in the colors of the Ukrainian flag – she is a technician with serious chops. A West Point graduate and Rhodes Fellow, she was a member of the National Security Agency’s elite hacking team and went on to help establish the administration’s cyber-administration.

Bill Whitaker: When you have someone like Vladimir Putin who just doesn’t seem to care about the rules, how do you protect yourself from that?

Jen Easterly: I think we are dealing with a very dangerous, very sophisticated, well-resourced actor in cyberspace. And that’s why we call everyone steady, shields. What does this mean? It means assume that there will be hacking activity in cyberspace and make sure you are prepared for it.

She has taken to social media to encourage industry to share information with the government to defend itself against cyberattacks, and calls on all Americans to put their shields up by updating software and using multi-factor authentication on computers and phones.

Jen Easterly: I’m a big fan of Star Trek, so “Shields Up!” And indeed it has caught on – something is all about preparation, not panic.

Bill Whitaker: Is there one area that worries you more than others?
Jen Easterly: We know that energy, which is aimed at the energy sector, is part of the Russian game book. But also funding, given possible retaliatory attacks for the very severe sanctions that the US and our allies have imposed and continue to impose.

Bill Whitaker: If I’m sitting at home watching it, why worry about a cyber attack?

Jen Easterly: What you do, hour by hour, depends heavily on critical infrastructure. How you get gas at the local pump, how you get food at the grocery store, how you get money from your ATM, how you get your electricity, how you get your water, how you communicate – all of these are our critical infrastructure. And this is what we say is at potential risk for a Russian malicious cyber attack.

Robert Lee: There was only one country out there that really had the know-how to abolish electricity systems, and that is Russia.

Robert Lee – another former NSA hacker – is the co-founder of Dragos, a cybersecurity company. He is known as the magician of the dark arts of cyberwarfare, specializing in the defense of critical infrastructure. In 2015 he investigated an incident in Ukraine, the most devastating cyber attack on civilian infrastructure the world has ever seen.

Bill Whitaker: What – what did you find?

Robert Lee: The Russian state invaded three different electricity companies throughout Ukraine, probably about six months before the actual attack. So they came in in the summer, got in their place and started learning how to operate these systems. As a result, they disconnected more than 60 substations across Ukraine and blacked out about 225,000 customers during the winter.

Everything was done remotely from this building in Moscow by hackers of the GRU military intelligence service. The Ukrainians had to send workers to the damaged substations to manually restart each one.
A year later, Lee says, the GRU hackers came back with a much more sophisticated attack – a piece of malware that could cripple multiple transmissions at the touch of a button.

Bill Whitaker: What did it mean that Russia could do that?

Robert Lee: It was a shock to everyone, because there are a lot of theories about how you could do that. People in my community on the cyber security side have been talking about this for as long as possible. But seeing it really turn out to be a huge proof that you can do it. And we also know that now they are brave enough to do so.

Bill Whitaker: Could the Russians do the same thing here in the US?

Robert Lee: Absolutely.

In recent years, Lee’s cybersecurity company, Dragos, has been tracking the same GRU hacking team – known to researchers as “Sandworm” – as it installed malware and investigated power companies here in the United States.

Robert Lee: There were about a dozen electricity companies that ended up being breached in the 2014-2015 time frame by the same group that ended up breaking down the electricity system in Ukraine.

In the summer of 2017, Russian hackers launched a more daring and potentially far more dangerous attack – this time on Petro Rabigh, a huge oil refinery along the Red Sea in Saudi Arabia. On a Friday night in August, a security system shut down the entire plant. Julian Gutmanis was working on cyber security for Saudi oil giant Aramco and rushed to the scene to investigate.

Bill Whitaker: Were you worried about what you saw?

Julian Gutmanis: At that stage, yes, yes. So why would anyone watch security systems on a weekend night? It just is not normal.

What Gutmanis discovered stopped him short: someone had broken into the emergency shutdown system and had installed suspicious computer files.

Julian Gutmanis: The files were created and executed – you know, just before – the initial shutdown we met.

Bill Whitaker: Were you able to spot it?

Julian Gutmanis: Forensic, yes.
I came across a function defined there called “execute exploit”. The hair stood on my hands and I said, “This is probably something very serious.” Usually you do not have the word “exploit” – in a regular type of vendor software.

Bill Whitaker: Well – did that ring the alarm?

Julian Gutmanis: Oh, huge alarms. And it really made us focus on, “How did these files come about? Where did they come from? Who created them? And – and what do we do? What are they trying to do?”

Gutmanis now works for Robert Lee at Dragos, who also researched the hack. Lee says hackers could have set off explosions and released toxic chemicals with the malware they implanted, known as Triton.

Robert Lee: This is the first time in history that we have seen a cyber attack explicitly designed to kill people. Aims at security systems. And these security systems exist only to protect lives. Therefore, by following this system explicitly, the only reason to do so is to hurt people. What happened is that they made a small mistake in the software that instead of actually causing the results they were trying to achieve, like an explosion where you would kill people, instead of just shutting down the factory.

Lisa Monaco: The Russians are a serious and persistent threat.

As the second-highest-ranking official in the Department of Justice, Deputy Attorney General Lisa Monaco oversees the FBI and its 1,000-strong cyber division. Three weeks ago, the department unveiled two secret indictments: one describing how Triton worked and identifying Evgeny Gladkikh, from a Russian Defense Ministry research institute, as one of the hackers. The second indictment says that between 2012 and 2017, three Russian intelligence agents and accomplices hacked hundreds of energy companies around the world and managed to break into a computer network at a nuclear plant in Kansas.

Lisa Monaco: This was a historic activity.
But it’s very much the kind of activity we’re warning about today when it comes to Russia’s response to the world’s response to the horror in Ukraine.

Bill Whitaker: What’s happening now? Do you see Russian activity – Russian conspiracies to disrupt our infrastructure?

Lisa Monaco: We see Russian government agents sweeping, exploring, looking for opportunities, looking for weaknesses in our systems in vital infrastructure, in business. Think of it, Bill, as a burglar wandering around trying to move the lock on your door to see if it is open. And we see it.

Earlier this month, Monaco teamed up with Attorney General Merrick Garland and FBI Director Christopher Wray to announce that the United States had launched a daring operation to stop Russian hackers as they prepared to strike.

Lisa Monaco: We are talking about military intelligence agents, who develop malware, malicious code, on thousands of computers in hundreds of countries. We see them develop this code and take control of these computers. It’s like an army of infected computers that, with a single command, can be deployed to do everything from gathering information, stealing information and sometimes having disastrous consequences.

U.S. too…