In the current D.C. climate on Russia, all relevant journalistic incentives encourage and reward false news.
Fake News: This narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.
Kalev Leetaru writes: On Friday the Washington Post sparked a wave of fear when it ran the breathless headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability.”
“From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.”
Yet, it turns out this narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.
“Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying ‘An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.’”
The original article was posted online on the Washington Post’s website at 7:55PM EST. Using the Internet Archive’s Wayback Machine, we can see that sometime between 9:24PM and 10:06PM the Post updated the article to indicate that multiple computer systems at the utility had been breached (“computers” plural), but that further data was still being collected: “Officials said that it is unclear when the code entered the Vermont utility’s computers, and that an investigation will attempt to determine the timing and nature of the intrusion.” Several paragraphs of additional material were added between 8PM and 10PM, claiming and contextualizing the breach as part of a broader campaign of Russian hacking against the US, including the DNC and Podesta email breaches.
“Just as with the Santa Claus and the dying child story, the Post story went viral and was widely reshared, leading to embarrassing situations like CNBC tweeting out the story and then having to go back and retract the story.”
Despite the article ballooning from 8 to 18 paragraphs, the publication date of the article remained unchanged and no editorial note was appended, meaning that a reader being forwarded a link to the article would have no way of knowing the article they were seeing was in any way changed from the original version published 2 hours prior.
Yet, as the Post’s story ricocheted through the politically charged environment, other media outlets and technology experts began questioning the Post’s claims and the utility company itself finally issued a formal statement at 9:37PM EST, just an hour and a half after the Post’s publication, pushing back on the Post’s claims: “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”
“Particularly fascinating that the original Post story mentioned that there were only two major power utilities in Vermont and that Burlington Electric was one of them, meaning it would have been easy to call both companies for comment.”
From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.
However, it was not until almost a full hour after the utility’s official press release (at around 10:30PM EST) that the Post finally updated its article, changing the headline to the more muted “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say” and changed the body of the article to note “Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.” Yet, other parts of the article, including a later sentence claiming that multiple computers at the utility had been breached, remained intact.
“One driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.”
The following morning, nearly 11 hours after changing the headline and rewriting the article to indicate that the grid itself was never breached and the “hack” was only an isolated laptop with malware, the Post still had not appended any kind of editorial note to indicate that it had significantly changed the focus of the article.
This is significant, as one driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.
Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.”
Yet, even this correction is not a true reflection of public facts as known. The utility indicated only that a laptop was found to contain malware that has previously been associated with Russian hackers. Read the rest of this entry »
Peter Vincent Pry, executive director of the Task Force on National and Homeland Security and director of the U.S. Nuclear Strategy Forum, both congressional advisory boards, said the technology to avoid disaster from electromagnetic pulses exists, and upgrading the nation’s electrical grid is financially viable.
“The problem is not the technology,” Pry said. “We know how to protect against it. It’s not the money, it doesn’t cost that much. The problem is the politics. It always seems to be the politics that gets in the way.”
He said the more officials plan, the lower the estimated cost gets.
“If you do a smart plan — the Congressional EMP Commission estimated that you could protect the whole country for about $2 billion,” Pry told Watchdog.org. “That’s what we give away in foreign aid to Pakistan every year.”
In the first few minutes of an EMP, nearly half a million people would die. That’s the worst-case scenario that author William R. Forstchen estimated in 2011 would be the result of an EMP on the electric grid — whether by an act of God, or a nuclear missile detonating in Earth’s upper atmosphere.
An electromagnetic pulse is a burst of electromagnetic energy strong enough to disable, and even destroy, nearby electronic devices.
The scenario sounds like something in a Hollywood film, but the U.S. military has been preparing its electronic systems for such an event since the Cold War. The protective measures taken to harden facilities against a nuclear attack also help in some cases to protect against EMPs.
The civilian world is another story. Read the rest of this entry »
In Congress, the vulnerability of the power grid has emerged as among the most pressing domestic security concerns
For the LATimes, Evan Halper writes: Adam Crain assumed that tapping into the computer networks used by power companies to keep electricity zipping through transmission lines would be nearly impossible in these days of heightened vigilance over cybersecurity.
When he discovered how wrong he was, his work sent Homeland Security Department officials into a scramble.
Crain, the owner of a small tech firm in Raleigh, N.C., along with a research partner, found penetrating transmission systems used by dozens of utilities to be startlingly easy. After they shared their discovery with beleaguered utility security officials, the Homeland Security Department began sending alerts to power grid operators, advising them to upgrade their software.
The alerts haven’t stopped because Crain keeps finding new security holes he can exploit.
“There are a lot of people going through various stages of denial” about how easily terrorists could disrupt the power grid, he said. “If I could write a tool that does this, you can be sure a nation state or someone with more resources could.”
“Many of the grid’s important components sit out in the open, often in remote locations, protected by little more than cameras and chain-link fences.”
Those sorts of warnings, along with vivid demonstrations of the grid’s vulnerability, such as an incident a year ago in which unknown assailants fired on a power station near San Jose, nearly knocking out electricity to Silicon Valley, have grabbed official attention. In Congress, the vulnerability of the power grid has emerged as among the most pressing domestic security concerns.
It is also among the most vexing. Read the rest of this entry »
A sniper attack in April that knocked out an electrical substation near San Jose, Calif., has raised fears that the country’s power grid is vulnerable to terrorism. WSJ’s Rebecca Smith has the details.
Shane Harris reports: When U.S. officials warn about “attacks” on electric power facilities these days, the first thing that comes to mind is probably a computer hacker trying to shut the lights off in a city with malware. But a more traditional attack on a power station in California has U.S. officials puzzled and worried about the physical security of the the electrical grid–from attackers who come in with guns blazing.
Around 1:00 AM on April 16, at least one individual (possibly two) entered two different manholes at the PG&E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation. That knocked out some local 911 services, landline service to the substation, and cell phone service in the area, a senior U.S. intelligence official told Foreign Policy. The intruder(s) then fired more than 100 rounds from what two officials described as a high-powered rifle at several transformers in the facility. Ten transformers were damaged in one area of the facility, and three transformer banks — or groups of transformers — were hit in another, according to a PG&E spokesman.
Cooling oil then leaked from a transformer bank, causing the transformers to overheat and shut down. State regulators urged customers in the area to conserve energy over the following days, but there was no long-term damage reported at the facility and there were no major power outages. There were no injuries reported. That was the good news. The bad news is that officials don’t know who the shooter(s) were, and most importantly, whether further attacks are planned.
“Initially, the attack was being treated as vandalism and handled by local law enforcement,” the senior intelligence official said. “However, investigators have been quoted in the press expressing opinions that there are indications that the timing of the attacks and target selection indicate a higher level of planning and sophistication.”
An electrical grid joint drill simulation is being planned in the United States, Canada and Mexico. Thousands of utility workers, FBI agents, anti-terrorism experts, governmental agencies, and more than 150 private businesses are involved in the November power grid drill.
The downed power grid simulation will reportedly focus on both physical and cyber attacks. The antiquated electrical system in the United States has been one of the most neglected pieces of integral infrastructure.
The EMP Commission, created by Congress, released a report in 2008 calling for increased planning and testing, and a stockpiling of needed repair items.