This week’s alert that Russian hackers targeted U.S. power and water plants should be taken seriously, but doesn’t mean there’s an imminent threat to California’s critical infrastructure, including nuclear facilities, according to the state’s top emergency manager.
“The Russian government does not have the codes to all of our nuclear power plants or our systems,” Mark Ghilarducci, California’s Office of Emergency Services Director, told Capital Public Radio on Friday.
He called it instead an “affirmation” that Russia and other states are using cyber pathways to find vulnerabilities in U.S. systems.
Ghilarducci called for all sectors, from governments to businesses to individuals, to create a “culture of cyber preparedness.”
The Department of Homeland Security issued the warning on Thursday. It said Russian government cyber actors gained access to networks within the nation’s energy sector by sending fraudulent emails, known as phishing, and using malware.
Ghilarducci said the federal government has been sharing information about this operation with state officials since last July.
California has only one active nuclear plant, Diablo Canyon near San Luis Obispo. Ghilarducci said the core functions of nuclear plants are not connected to the internet.
A spokesman for Pacific Gas & Electric, which owns and operates Diablo Canyon, declined to discuss the threat or security measures in detail.
Instead, the private utility issued the following statement that cybersecurity is a priority, and that they take any threat very seriously.
The Edison Electric Institute, which represents all U.S. investor-owned electric companies, said in a statement this week the Russian targeting “did not have operational impacts.”