“Microsoft software flaw could lead to widespread hacking attempts,” is the headline of a tech magazine recently. You may have read about a recent hack on a vulnerable hole in software that allowed hackers in. One report says “attack attempts have increased 10 times based on data collected between March 11 and March 15.” This follows another incident – SolarWinds – several months ago that allowed hackers into US government systems.
ECC is an energy website, not a cyber site, so what’s the deal? Potentially lots. “Four days after the supply chain cyberattack on IT service provider SolarWinds was revealed, details on its global victims — from federal agencies to oil and electricity companies — are still emerging.” (Source)
Pandemic work-at-home activities can open hacking possibilities. “Grid attacks have increased 35% since Americans began quarantining. That correlates with more electric-sector employees working from home. As an example, one U.S. utility that previously allowed only 9% of its power plants to operate remotely now allows 80% to do so.” (Source)
Intrusions into one utility company do not mean the whole grid goes down. The grid is resilient. That said, bad actors are evolving in their attacks.
A report, North American Electric Cyber Threat Perspective, right, details cyber threats on energy. Among its findings: “The threat landscape focusing on electric utilities in North America is expansive and increasing…
- Attacks on electric utilities can have significant geopolitical, humanitarian, and economic impact.
- One significant threat includes active supply chain compromises…
- Research [shows] the adversary’s intent and ability to target protection and safety operations to cause prolonged outages, equipment destruction, and human health and safety concerns.
- Cyberattacks are an increasing means to project dominance using cyberattacks in the energy domain.”
Utility companies themselves are not the only power-oriented targets. Some hackers target vendors and suppliers of utilities to try and find back doors into power operations.
IT experts note that intrusions into oil and gas operations by Russians have been to steal information about how to make petroleum operations better, not cause problems. That means an attack is not always meant to shut down something.
Most utilities have pages on their websites noting how they protect against cyber issues. Note that companies can note their efforts, but for safety they cannot “go public” with a lot of details.
What can customers do?
- Don’t assume a message from your power company is real. It can be a scam. Check for yourself through dependable communication avenues. Scammers want your personal information. The Edison Electric Institute has a page about scams here.
- Like preparing for a storm, be prepared in case an outage happens. Ready.gov has power outage information.
Above all, know that all utilities work hard to maintain cyber security.