Russian hackers have been probing Texas’ energy infrastructure for weak points in digital systems that would allow them to steal sensitive information or disrupt operations, according to interviews with energy companies, state officials and cybersecurity experts.
State regulators and energy companies — from utilities to oil and gas transportation hubs to their associated vendors — said they have been aware of the elevated Russian cyber threats since the Russian invasion of Ukraine last month, but they’re careful to not say too much.
"We are on super high alert," said Thad Hill, CEO of Texas power giant Calpine, adding that he has been closely monitoring Russia’s cyber actions.
President Joe Biden last week warned that the White House has "evolving intelligence that the Russian government is exploring options for potential cyberattacks" — the administration’s starkest warning yet.
Worst-case scenarios in Texas include hackers breaching the state’s power grid system and shutting off electricity to millions of Texans, seeking to halt shipments of oil and gas from seaports, or breaking into a refinery’s network so it is unable to produce gasoline and other petroleum products.
Energy companies and their regulators said it’s not unusual to detect hackers surveying their networks for weak points. But since February’s Russian invasion, energy-related facilities in Texas have seen the number of probes by hackers increase, Robert M. Lee, founder and CEO of the industrial cybersecurity firm Dragos, said in an interview.
Lee, who previously worked at the National Security Agency, where he helped design the U.S. government’s system for tracking state-backed hackers, said his company has traced the hackers recently probing Texas energy infrastructure and discovered they’re Russian.
"Texas has some key export facilities for liquid natural gas — at a national security level, there are a couple sites that we all freak out about," Lee said. "If you took down one site, you don't get fuel exports out to certain countries."
The Port of Corpus Christi has grown to be the third-largest seaport in the country and the nation’s second-largest exporter of natural gas. Many European countries rely heavily on Russian natural gas, and the U.S. is trying to help wean Europe off Russian gas by increasing U.S. natural gas exports to Europe — part of an increasing effort to put economic pressure on Russia.
"We are certainly a target," Sean Strawbridge, CEO of the Port of Corpus Christi, said in an interview.
Russia is known globally in the cybersecurity world for having a top-notch cyber attack operation. In 2021, Russian hackers breached computerized equipment that operates the largest fuel pipeline in the U.S., causing the Colonial Pipeline Company to shut down its pipeline, which originates in Houston, for six days to contain the attack. The breach triggered fuel shortages and a spike in gas prices on the East Coast.
Last week the U.S. Justice Department unsealed two indictments charging four Russians who worked for the Russian government with an ongoing campaign of infiltrating the computers of energy companies in 135 countries between 2012 and 2018.
Separately, a federal grand jury earlier this month indicted a 23-year-old Russian man in East Texas for "operating a cyber-criminal marketplace that sold thousands of stolen login credentials, personal identifiable information and authentication tools" for online payment platforms, retailers and credit card accounts, the Justice Department said.
Dr. Chris Bronk, a cybersecurity professor at the University of Houston, said he is most concerned about possible cyberattacks on the U.S. electricity system.
Regulators overseeing Texas’ power grid, the smallest of the three in the U.S., said the grid operator, the Electric Reliability Council of Texas, and the Public Utility Commission of Texas that oversees it, work diligently on cyberdefense.
But ERCOT was unable to keep the power on last year when a winter storm hammered Texas, leaving millions without power for days and hundreds dead. ERCOT said the grid was only minutes away from catastrophic failure that could have caused monthslong blackouts if it hadn’t quickly ordered companies to shut off power to large swaths of the state.
"If parts of ERCOT go down, the whole grid could collapse," Bronk said. "It’s a rickety ship, and we have ample evidence of the weaknesses."
State regulators said they have been shoring up their cyberdefenses.
"We take cybersecurity and the protection of the Texas grid and our state’s energy infrastructure very seriously," a spokesperson for the Public Utility Commission of Texas said in an email. "We are aware of and closely monitoring the potential increased risk of cyberattack on that infrastructure, and we’re working with our regulated industries to communicate emerging threats, alerts and warnings issued at the federal level."
In West Texas, the nation’s biggest oil producing region, a February hacking attempt on a local hospital system has some local officials on edge.
Dustin Fawcett, the incoming county judge in Ector County, home of Odessa — which was named after the Ukrainian city on the Black Sea — said Medical Center Hospital System learned that the attack "did come from Russia."
"Anything to disrupt our way of life will then impact the oil and gas industry," Fawcett said. "If they can disrupt our production out here in any way, that benefits them."
The Texas Tribune is a nonprofit, nonpartisan media organization that informs Texans — and engages with them — about public policy, politics, government and statewide issues.