You may have read or seen on social media a Washington Post story published Friday which claimed that Russian hackers had hacked the U.S. power system via an electrical grid in Vermont.
Thatâs not what happened and the incident is not necessarily connected to the alleged Russian hack of the Democratic National Committee.
The Washington Post has since amended its story:
What actually happened is that a single laptop belonging to the Burlington Electric utility was found to be infected with malwareâsoftware intended to damage or disable computer systemsâ that originated in Russia.
The most important detail of this story is that the laptop in question was not connected to the electrical grid.Â
In other words, a laptop belonging to the organization responsible for maintaining the grid was infected, but not the computer networks controlling the grids.
Burlington Electric discovered that the laptop had been infected after the FBI and Department of Homeland Security issued a joint Thursday that included code believed to have been used by Russian hackers to penetrate the Democratic National Committee.
The utility scanned its own systems for evidence it had been infected with malware and discovered a single laptop had been compromised â again, one that was not connected to the electrical grid.Â
âWe detected the malware in a single Burlington Electric Department laptop not connected to our organizationâs grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding,â said Mike Kanarick, spokesperson for Burlington Electric in a statement posted online.
Burlington Electric is working with federal officials to trace how the code got into the laptop.
So did the Russians attack a laptop at a public utility, even if it wasnât connected to the electric grid?Â
Itâs possible, but not certain.Â
The malware found was certainly Russian made and related to the malware used to infiltrate the DNC. But that does not mean that it was used by Russians.
Malware, like any software, is bought and sold. It is not necessarily used by the same people who craft it.Â
Whatâs crucial is that we donât even know if the code was intended to disrupt the utility, or if hackers just wanted to test if they could penetrate the system. We also don’t know when the malware infected the laptop.Â
Ukraineâs intelligence community has vehemently blamed Russia for the attack, though it has not offered concrete proof to bolster its accusation. Given the political tension between the two nations, the accusation is not unrealistic, but there still is no smoking gun.
While the idea of foreign hackers targeting the national electrical grid in the United States is certainly scary, thereâs no evidence that it has already occurred, at least not in Vermont.
There is, of course, a serious risk to the electrical grid from a cyberattack, but that threat isnât as worrisome as policymakers, cybersecurity firms and others sometimes make it seem.