This new report appears to be timed to come out with new US sanctions against Russia, which cited “malicious cyberattacks” as one of their justifications. The allegations, however, stem from accusations which have been out since the Obama Administration-era, and have long since been discredited.
The report itself is largely just a whitepaper on how hacking in general works, with scant mention of what Russia is even alleged to have done. The report dates the incidents to “since 2016,” however, and the description clearly mirrors the much vaunted Burlington Electric hack in Vermont in 2016.
The problem is that this Burlington story was preposterously overblown. Far from an attack on the US electrical grid, it represented a single computer that happened to be owned by a single electrical company, but which wasn’t attached to the grid system in the first place, getting infected with malware.
The type of malware this single laptop was infected with was similar to types that were Russian made. This led to the conclusion that this was a Russian plot, despite similar malware being common worldwide. This was then spun into a Russian attack on the electrical grid, despite it having nothing to do with the grid, no definitive link to Russia, and only tangential links to anything electrical.
Still it was a popular story for the Washington Post in 2016, and even though it was complete nonsense, the Trump Administration seems comfortable trotting it back out in 2018, assuming that media outlets will again report it unquestioningly. So far, that appears to be the case for many outlets.