Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say(wsj.com)
wsj.com
Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say
https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110
40 comments
> This is nothing new, the US infrastructure has likely been compromised for quite some time
Just because something isn't new doesn't mean it can't be news.
"The well is poisoned!"
"Bob noticed that last week. Why are you still talking about this?
"..."
It's being discussed now. Better late than never.
Just because something isn't new doesn't mean it can't be news.
"The well is poisoned!"
"Bob noticed that last week. Why are you still talking about this?
"..."
It's being discussed now. Better late than never.
It's more like, "The well is poisoned and Bob noticed last week, but we can't fix the problem because then people go without drinking water for 2 weeks"
Things like Stuxnet show us that regardless of how true this story is or who in fact sponsored it, infrastructure compromise is a global game. I suspect this is part of what Russians are talking about when asking to negotiate on cyberwarfare. If this is indeed them, they may see such compromise operations as necessary for reciprocity for the NSA's known systemic compromise of systems around the world, which surely makes them feel threatened. A reciprocal compromise would allow them to respond tit-for-tat if attacked, and give them negotiating room for diplomatic resolution.
So let's hope it's correctly attributed and not some criminals with nothing to lose.
So let's hope it's correctly attributed and not some criminals with nothing to lose.
"So let's hope it's correctly attributed and not some criminals with nothing to lose."
This indeed. We can only hope it's the pros!
This indeed. We can only hope it's the pros!
“but actually shutting down key infrastructure like these scenarios suggest is an end game move that establishes the point of no return in global conflict.”
Sounds like you understand why then they’re reporting on this and regurgitating it over and over again. The public has the right to know if we’re on the brink of global conflict.
Nefarious actors are gaining privileged access to the power grid. Seems like a relevant thing to keep in the back of our minds in the event the power suddenly goes out.
Sounds like you understand why then they’re reporting on this and regurgitating it over and over again. The public has the right to know if we’re on the brink of global conflict.
Nefarious actors are gaining privileged access to the power grid. Seems like a relevant thing to keep in the back of our minds in the event the power suddenly goes out.
> The biggest question is not whether or not these facilities are compromised, it's whether or not a bad actor is going to use it for malicious purpose.
> Notice how the article is based entirely on "what ifs".
Doing something about the compromise issue would make your biggest question correspondingly less speculative, which is a good reason for discussing the scope for compromise, no matter how much you hate it.
> Notice how the article is based entirely on "what ifs".
Doing something about the compromise issue would make your biggest question correspondingly less speculative, which is a good reason for discussing the scope for compromise, no matter how much you hate it.
>The biggest question is not whether or not these facilities are compromised, it's whether or not a bad actor is going to use it for malicious purpose. It's one thing to shut down a website for the lols, it's another thing to overload a nuclear reactor and contaminate an entire chunk of the US.
This. Tons of stuff is compromised And if the Russians and Chinese are in our power plants we're in theirs too. Everyone can attack everyone else better than anyone can defend themselves. That's the nature of a highly asymmetrical form of warfare like that. Offense > defense (in the case of "cyber warfare").
>At this point it is a waiting game. Who is going to be the fellow to push the enter key on their keyboard that then causes a 7 digit number of people to go without power, clean water, or even be exposed to radiation?
Attribution is hard. Do you think the Israelis wouldn't attack us and make it look convincingly enough (for the talking heads and the general public) like Iran if it looked like our relations with Iran were about to thaw substantially in a way that was bad for them?
>It's understandable that countries feud and people just don't like each other, but actually shutting down key infrastructure like these scenarios suggest is an end game move that establishes the point of no return in global conflict.
Wars have started over a lot less. Nobody ever thinks what they're doing will be the final straw that starts the war.
This. Tons of stuff is compromised And if the Russians and Chinese are in our power plants we're in theirs too. Everyone can attack everyone else better than anyone can defend themselves. That's the nature of a highly asymmetrical form of warfare like that. Offense > defense (in the case of "cyber warfare").
>At this point it is a waiting game. Who is going to be the fellow to push the enter key on their keyboard that then causes a 7 digit number of people to go without power, clean water, or even be exposed to radiation?
Attribution is hard. Do you think the Israelis wouldn't attack us and make it look convincingly enough (for the talking heads and the general public) like Iran if it looked like our relations with Iran were about to thaw substantially in a way that was bad for them?
>It's understandable that countries feud and people just don't like each other, but actually shutting down key infrastructure like these scenarios suggest is an end game move that establishes the point of no return in global conflict.
Wars have started over a lot less. Nobody ever thinks what they're doing will be the final straw that starts the war.
I agree except for the last point.
The most aggressive states are USA, Israel, Saudi Arabia, UK and France while being (morally) supported by NATO allies.
They engage in overt and secret warfare because they can in order to meet some objective. They do not engage in war because they were attacked.
The most aggressive states are USA, Israel, Saudi Arabia, UK and France while being (morally) supported by NATO allies.
They engage in overt and secret warfare because they can in order to meet some objective. They do not engage in war because they were attacked.
[citation needed]?
Kosovo war. Iraq war. Libya war. Regime change in Ukraine. Syria war. Economic sanctions killing hundreds of thousands.
https://www.youtube.com/watch?v=omnskeu-puE
https://www.strategic-culture.org/news/2017/12/07/hague-trib...
https://www.youtube.com/watch?v=_scokGJga8c
https://www.youtube.com/watch?v=LsG32fkm6sE
https://youtu.be/MlNn1v4_Uf0?t=1600
https://www.youtube.com/watch?v=SLkL4Fj3jFw
https://www.globalresearch.ca/obamas-bombing-legacy/5569349
https://www.youtube.com/watch?v=aSIDgAAU4Ww
https://www.youtube.com/watch?v=GS2MMTMsdvM&t=21
https://www.youtube.com/watch?v=_fV-C1Ag5sI
https://www.youtube.com/watch?v=7UHYAfAFG_k&t=6
https://www.youtube.com/watch?v=omnskeu-puE
https://www.strategic-culture.org/news/2017/12/07/hague-trib...
https://www.youtube.com/watch?v=_scokGJga8c
https://www.youtube.com/watch?v=LsG32fkm6sE
https://youtu.be/MlNn1v4_Uf0?t=1600
https://www.youtube.com/watch?v=SLkL4Fj3jFw
https://www.globalresearch.ca/obamas-bombing-legacy/5569349
https://www.youtube.com/watch?v=aSIDgAAU4Ww
https://www.youtube.com/watch?v=GS2MMTMsdvM&t=21
https://www.youtube.com/watch?v=_fV-C1Ag5sI
https://www.youtube.com/watch?v=7UHYAfAFG_k&t=6
I won't comment on the rest, but as a Ukrainian living in the US (and thus keenly aware of both countries' politics), I object to seeing Ukraine in this list.
I won't argue more about this point on Hacker News, of all places; however providing un-annotated links to videos (and making others figure out where in the videos any of your claims are supported) surely can't be seen as an acceptable way to reason around here.
I won't argue more about this point on Hacker News, of all places; however providing un-annotated links to videos (and making others figure out where in the videos any of your claims are supported) surely can't be seen as an acceptable way to reason around here.
I have checked each of these links and this does not feel like reliable information.
Why not ? Why judge by feeling ?
Anyway, thanks for the courtesy of checking each link.
Anyway, thanks for the courtesy of checking each link.
Feeling is all I have in the end, sure it's backed up by what I have learned through the years but in the end the decisions I make are not only informed by my feelings but will also affect my feelings for the rest of my life.
I have a healthy distrust of my government (The US) and I know there have been travesties committed by just about all of the players. I want to be informed and am willing to do the research. I was pretty young during some of the conflicts you mentioned so I'm also brushing up on some of the history.
Which side do you align yourself with in the Kosovo war, it seems like it was a terrible ordeal for everyone involved?
I have a healthy distrust of my government (The US) and I know there have been travesties committed by just about all of the players. I want to be informed and am willing to do the research. I was pretty young during some of the conflicts you mentioned so I'm also brushing up on some of the history.
Which side do you align yourself with in the Kosovo war, it seems like it was a terrible ordeal for everyone involved?
I live in West-Europe. War is always the worst case involving all (non-)imaginable harm and misery.
I side with Syria/Russia in the war in Syria because the case is clear.
Protected by the Syrian army: https://www.unusualtraveler.com/damascus/
Destroyed by the opposition: https://en.wikipedia.org/wiki/Casualties_of_the_Syrian_Civil... and https://www.youtube.com/watch?v=y6omfaKhZL0 and https://www.youtube.com/watch?v=J0OeM0tFmFs
I side with no one in the past Kosovo war. The conflict was complicated and some conflict still remains in the region.
Some years ago, when I found out about the extent of propaganda and lies and often ignorance or lack of normal morality of the politicians and the media, I was shocked and angry.
After much time reading various sources and comment sections, one learns what to expect from the usual factions and actors and what is most likely true and what is story.
I side with Syria/Russia in the war in Syria because the case is clear.
Protected by the Syrian army: https://www.unusualtraveler.com/damascus/
Destroyed by the opposition: https://en.wikipedia.org/wiki/Casualties_of_the_Syrian_Civil... and https://www.youtube.com/watch?v=y6omfaKhZL0 and https://www.youtube.com/watch?v=J0OeM0tFmFs
I side with no one in the past Kosovo war. The conflict was complicated and some conflict still remains in the region.
Some years ago, when I found out about the extent of propaganda and lies and often ignorance or lack of normal morality of the politicians and the media, I was shocked and angry.
After much time reading various sources and comment sections, one learns what to expect from the usual factions and actors and what is most likely true and what is story.
I appreciate your candor, it seems like you transitioned from indignation to resignation in the course of a few comments. I bet that happens often.
I consider myself lucky to be a citizen of the US, but I recognize the propaganda and lies. It seems like the media in the US switched sometime in the late 80s to the early 90s from, perhaps slanted, but factual news coverage to sensationalist entertainment and we started down a very devisive path. Now my country is split into two main factions along with a few outliers. It's sad.
I don't trust Russia at all, but that might be simply because I'm a child of the cold war. That being said I don't feel trust when I think of Russia. Syria is another story, I wish I could travel back in time before this crisis happened and talk with people, but they would probably be distrustful towards me rather than candid.
I don't think that there is any real solution to the worlds problems in general, and even individual conflicts seem to have too many sides for any outsider to have any meaningful opinion.
I wish I was more upbeat, but there are things happening in my country which are so concerning that I don't sleep more than a few hours per night.
I consider myself lucky to be a citizen of the US, but I recognize the propaganda and lies. It seems like the media in the US switched sometime in the late 80s to the early 90s from, perhaps slanted, but factual news coverage to sensationalist entertainment and we started down a very devisive path. Now my country is split into two main factions along with a few outliers. It's sad.
I don't trust Russia at all, but that might be simply because I'm a child of the cold war. That being said I don't feel trust when I think of Russia. Syria is another story, I wish I could travel back in time before this crisis happened and talk with people, but they would probably be distrustful towards me rather than candid.
I don't think that there is any real solution to the worlds problems in general, and even individual conflicts seem to have too many sides for any outsider to have any meaningful opinion.
I wish I was more upbeat, but there are things happening in my country which are so concerning that I don't sleep more than a few hours per night.
Actually I was surprised that someone made the effort to check the links and write a reply instead of a down vote. I still spend some of time in forums in the hope to learn something new and to make it easy for other persons to learn something new.
Do not lose your sleep over political, military or economic decisions like e.g. the trade war. I am not sarcastic here. Is there something particular that makes you so concerned as US citizen ?
Regarding the USA in the past and meddling in the affairs of other states:
https://www.youtube.com/watch?v=-X3nmzkyoKM
https://en.wikipedia.org/wiki/Gulf_of_Tonkin_Resolution
http://www.informationclearinghouse.info/article41086.htm
IMO the political distinction between Democrats and Republicans is rather small. But Trump and his staff is different. IMO the election of Trump might be a good sign: US citizens want a different government.
Only 26% of eligible voters voted for Trump. https://mises.org/wire/26-percent-eligible-voters-voted-trum...
Unfortunately leftists try to change the Democrats from within instead of concentrating efforts to create a strong leftist 3rd party.
https://www.youtube.com/user/TYTComedy/videos
At least the USA got rid of Scott Pruitt as EPA administrator. A corrupt (IMO insane) climate change denier should have no place in politics and certainly not in the EPA. I was happy that both Democrats and Republicans wanted Pruitt out of office. Local politicians have still power in the USA. The US president might matter more for other states (war victims) than for US citizens. SolarCity, Tesla and SpaceX are famous US companies benefitting from US subsidies. This is a good thing that has already changed the world for the better. Even DARPA does very useful work regarding AI, medicin, neurotechnology, prosthetics and other domains. https://www.youtube.com/user/DARPAtv/videos
I do not know much about the Russian media but RT offers a lot of good information. E.g. information about the UK Skripal case. Maybe even Hillary Clinton would agree in secret: https://www.youtube.com/watch?v=L6sYB5d1Bu4&t=35
Do not lose your sleep over political, military or economic decisions like e.g. the trade war. I am not sarcastic here. Is there something particular that makes you so concerned as US citizen ?
Regarding the USA in the past and meddling in the affairs of other states:
https://www.youtube.com/watch?v=-X3nmzkyoKM
https://en.wikipedia.org/wiki/Gulf_of_Tonkin_Resolution
http://www.informationclearinghouse.info/article41086.htm
IMO the political distinction between Democrats and Republicans is rather small. But Trump and his staff is different. IMO the election of Trump might be a good sign: US citizens want a different government.
Only 26% of eligible voters voted for Trump. https://mises.org/wire/26-percent-eligible-voters-voted-trum...
Unfortunately leftists try to change the Democrats from within instead of concentrating efforts to create a strong leftist 3rd party.
https://www.youtube.com/user/TYTComedy/videos
At least the USA got rid of Scott Pruitt as EPA administrator. A corrupt (IMO insane) climate change denier should have no place in politics and certainly not in the EPA. I was happy that both Democrats and Republicans wanted Pruitt out of office. Local politicians have still power in the USA. The US president might matter more for other states (war victims) than for US citizens. SolarCity, Tesla and SpaceX are famous US companies benefitting from US subsidies. This is a good thing that has already changed the world for the better. Even DARPA does very useful work regarding AI, medicin, neurotechnology, prosthetics and other domains. https://www.youtube.com/user/DARPAtv/videos
I do not know much about the Russian media but RT offers a lot of good information. E.g. information about the UK Skripal case. Maybe even Hillary Clinton would agree in secret: https://www.youtube.com/watch?v=L6sYB5d1Bu4&t=35
cheers for all your links :)
So, had to re-read that article just in case there was new information, but even if all the speculation is true (probably) this does not support the claim that USA, Israel, Saudi Arabia, UK and France are the most aggressive cyber-combatants. Stuxnet was a targeted attack which accomplished a defensive goal. It is also unlikely that Saudi Arabia, the UK nor France had anything to do with this attack nor are there any claims of NATO support for the development of Stuxnet.
Meanwhile Russia is actively targeting political systems worldwide through social media and misinformation while also stockpiling latent backdoors and probably more.
Meanwhile Russia is actively targeting political systems worldwide through social media and misinformation while also stockpiling latent backdoors and probably more.
>actively targeting political systems worldwide through X
Sounds like what every big player is doing for centuries.
>while also stockpiling latent backdoors and probably more
Sounds like what every big player is doing for at least a couple decades, except for the US which does this since early 90s while having much wider reach (a lot of the infrastructure and most software/hardware companies with irreplaceable products are within US jurisdiction).
>Stuxnet was a targeted attack which accomplished a defensive goal
Stuxnet was deployed outside the US or Israel (where it was created) to destroy the foreign infrastructure. If you're going to call that defensive or preemptive, any attack on the US or Israel infrastructure can be justified as such by the attacker as well.
Sounds like what every big player is doing for centuries.
>while also stockpiling latent backdoors and probably more
Sounds like what every big player is doing for at least a couple decades, except for the US which does this since early 90s while having much wider reach (a lot of the infrastructure and most software/hardware companies with irreplaceable products are within US jurisdiction).
>Stuxnet was a targeted attack which accomplished a defensive goal
Stuxnet was deployed outside the US or Israel (where it was created) to destroy the foreign infrastructure. If you're going to call that defensive or preemptive, any attack on the US or Israel infrastructure can be justified as such by the attacker as well.
> actively targeting political systems worldwide through X >> Sounds like what every big player is doing for centuries.
This is traditionally an internal matter.
> Sounds like what every big player is doing
Perhaps, but I need citations before I can argue the case
>> any attack on the US or Israel infrastructure can be justified as such by the attacker as well.
Not really, this was to stall the Iranian nuclear program, Israel and the US is already a nuclear power. Any attack on our infrastructure would be solely to cause harm to noncombatants.
This is traditionally an internal matter.
> Sounds like what every big player is doing
Perhaps, but I need citations before I can argue the case
>> any attack on the US or Israel infrastructure can be justified as such by the attacker as well.
Not really, this was to stall the Iranian nuclear program, Israel and the US is already a nuclear power. Any attack on our infrastructure would be solely to cause harm to noncombatants.
Can you please provide the sources for the claim that this compromise has been widely known before?
I've had the gut feeling too, that utility control rooms have been compromised for a long time, but my gut feeling isn't the same as knowing and it isn't newsworthy either.
I've had the gut feeling too, that utility control rooms have been compromised for a long time, but my gut feeling isn't the same as knowing and it isn't newsworthy either.
For a long time it seems like these places have made things more secure by building fences, adding giant rocks, putting in lights and cameras, other physical security measures to keep threats off site. Hopefully at some point they will focus on the network side of things now. It's been obvious for at least a decade that one bad guy, or even a team of bad guys can take out a single location with a truck, but one bad guy or a team can take out a bunch of places with a computer. From what I've seen the utility industry has been defending against trucks.
Really? It'd be surprising if they hadn't.
I'd expect utilities to be one of the softest targets out there, based on prior interaction with the industry...
edit: About 8-10 years ago I used to collect news articles, reports to congress, etc, about ICS (industrial control systems, the superset of utilities) being hacked. It was regular, comprehensive, and depressing. The ICS industry was running 15-20 years behind in grasping the fact that hacking could be a problem. Think 1990 era security mindsets in 2010.
I'd expect utilities to be one of the softest targets out there, based on prior interaction with the industry...
edit: About 8-10 years ago I used to collect news articles, reports to congress, etc, about ICS (industrial control systems, the superset of utilities) being hacked. It was regular, comprehensive, and depressing. The ICS industry was running 15-20 years behind in grasping the fact that hacking could be a problem. Think 1990 era security mindsets in 2010.
>Really? It'd be surprising if they hadn't.
Ding ding ding. PLA Unit 61398, Bureau 121, Unit 8200, Fancy Bear... doesn't surprise me if all of them have any variety of ways into our infrastructure.
Ding ding ding. PLA Unit 61398, Bureau 121, Unit 8200, Fancy Bear... doesn't surprise me if all of them have any variety of ways into our infrastructure.
Yes, I expect pretty much every funded "cyber" agency has explored our systems, from the UK to Somalia. I expect any neutral to semi-hostile country (e.g., North Korea) has dormant C&C systems in our infrastructure.
The conversation needs to be around, "we have known electronic critical infrastructure has been thoroughly compromised for a decade, how do we contain, mitigate, and remove the compromises."
I don't mean to fear-monger or suggest fear mongering. The status quo has been "don't do anything particularly troublesome" on all sides, and that has been stable to date with only mild perturbations such as Stuxnet. It's probably a MAD calculus, with the recognition that open hostile acts would escalate to, as the phrase goes, "kinetic actions".
The US could open the dialogue with the frank admission that our pants are not only down, but blew away in the breeze - we should, all of us, mutually, improve our security. I don't know that this is possible with, e.g., the US power grid without nationalizing it - the profit motive for defending against rare argues against security, as we all know...
The conversation needs to be around, "we have known electronic critical infrastructure has been thoroughly compromised for a decade, how do we contain, mitigate, and remove the compromises."
I don't mean to fear-monger or suggest fear mongering. The status quo has been "don't do anything particularly troublesome" on all sides, and that has been stable to date with only mild perturbations such as Stuxnet. It's probably a MAD calculus, with the recognition that open hostile acts would escalate to, as the phrase goes, "kinetic actions".
The US could open the dialogue with the frank admission that our pants are not only down, but blew away in the breeze - we should, all of us, mutually, improve our security. I don't know that this is possible with, e.g., the US power grid without nationalizing it - the profit motive for defending against rare argues against security, as we all know...
I keep waiting for someone to accidentally discover something in networking hardware that shuts down/shits itself when it gets some specific VLF signal, with it baked right into an IC.
Example: Hostile satellite broadcasts VLF signal, the compromised hardware is always sitting there listening for a specific command with a hybrid IC that does both its expected job and acts as a radio receiver for a very specific signal or signals with code that gets activated when a specific match is detected. VLF is used by submarines to get small amounts of data out from deep underwater, would pass through buildings with ease. Code triggers chip to stop its intended purpose or to run some other code. Even with a few % of networking hardware compromised you'd create a massive disruption that could bring the internet to a grind leading up to an invasion.
You could have the same hybrid chip in traditional telephony hardware, cellular telephony hardware, civilian GPS units, power industry hardware, vehicles. It's not unplausible, in fact, counterfeit chips have already been found time and time again in hardware, polluting a supply intended for sale in the U.S. at one or more Chinese factories would be trivial for the Chinese government for example.
Even just sending a signal to cheap IoT devices or those cody streaming devices all over the internet, at gun shows, at fairs, at flea markets and you could instantly turn on some massive army that starts randomly pinging specific IP addresses or just random sets of IP addresses to just bog down the internet.
People worry about the software, I worry about the ICs themselves.
Example: Hostile satellite broadcasts VLF signal, the compromised hardware is always sitting there listening for a specific command with a hybrid IC that does both its expected job and acts as a radio receiver for a very specific signal or signals with code that gets activated when a specific match is detected. VLF is used by submarines to get small amounts of data out from deep underwater, would pass through buildings with ease. Code triggers chip to stop its intended purpose or to run some other code. Even with a few % of networking hardware compromised you'd create a massive disruption that could bring the internet to a grind leading up to an invasion.
You could have the same hybrid chip in traditional telephony hardware, cellular telephony hardware, civilian GPS units, power industry hardware, vehicles. It's not unplausible, in fact, counterfeit chips have already been found time and time again in hardware, polluting a supply intended for sale in the U.S. at one or more Chinese factories would be trivial for the Chinese government for example.
Even just sending a signal to cheap IoT devices or those cody streaming devices all over the internet, at gun shows, at fairs, at flea markets and you could instantly turn on some massive army that starts randomly pinging specific IP addresses or just random sets of IP addresses to just bog down the internet.
People worry about the software, I worry about the ICs themselves.
Russia's cyber military is James Bond level cool. There are speculations (nobody can prove it) that they set up their own TOR using onion-like proxies, with a custom crypto protocol, over Shodan-discovered endpoints, through a clever use of tunneling through UPNP systems on the internet, with incredible OPSEC - even burning the whole infrastructure several years after it was discovered.
Some day we'll get uncensored versions of these Ops disclosed by the various governments that run them and get to read about the research facilities and intense personalities that run them.
Some day we'll get uncensored versions of these Ops disclosed by the various governments that run them and get to read about the research facilities and intense personalities that run them.
Is this sarcastic? A dream? An outline of a short story? Is there any basis?
> intense personalities
?
> intense personalities
?
Sorry for the opaque comment. Was gushing over the cool exploits of the "Inception Group" or "RedOctober APT" - believed but not proven to be Russian espionage.
https://www.symantec.com/blogs/threat-intelligence/inception...
https://securelist.com/red-october-diplomatic-cyber-attacks-...
James Bond level epic awesomeness and sophistication. Keep reading if you want to nerd out.
https://www.symantec.com/blogs/threat-intelligence/inception...
https://securelist.com/red-october-diplomatic-cyber-attacks-...
James Bond level epic awesomeness and sophistication. Keep reading if you want to nerd out.
I'm not sure HN is the right forum for that. Enjoy, uh, gushing.
HN is for technical conversation, which includes being impressed and commenting on the state of the art.
Seriously encourage reading about capabilities, especially the operations security maturity. The level of research and development is truly impressive.
Seriously encourage reading about capabilities, especially the operations security maturity. The level of research and development is truly impressive.
I think if you look around, you won't see anything like it. You don't need to repeat the 'gushing'; I read the prior two comments. But anyway, have fun.
[deleted]
Calling using Telnet hacking is about as accurate as walking up to someone's unlocked computer and posting to their Facebook and then saying "you got hacked"
I sat in on this webinar and can say there was a few things misleading about this article. These networks were not “air-gapped” they were able to be accessed with lateral movement in the networks. Also they were able to detect them get get all the way to the point where they were able to flip the switch on the ICS. When asked later in the webinar why they didn't there was really no explanation as to why not even though that was their goal as the attackers. That is just fishy to me.
Notice how the article is based entirely on "what ifs". >> "They got to the point where they could have thrown switches" >> "where they could have caused blackouts"
At this point it is a waiting game. Who is going to be the fellow to push the enter key on their keyboard that then causes a 7 digit number of people to go without power, clean water, or even be exposed to radiation? It's understandable that countries feud and people just don't like each other, but actually shutting down key infrastructure like these scenarios suggest is an end game move that establishes the point of no return in global conflict.