California's Electrical Grid Safe in Latest Hacking Attempt, Operators Say

A spokesman states that an international hacking campaign targeting energy companies has not penetrated the operating systems of the corporation that runs a good portion of California’s electricity grid.

by David R. Baker, San Francisco Chronicle / September 11, 2017

(TNS) -- An international hacking campaign targeting energy companies has not penetrated the operating systems of the corporation that runs most of California’s electricity grid, a spokesman for the company said.

Security firm Symantec, based in San Jose, this week released a blog post describing the hacking campaign, which has tried to penetrate the computer systems of European and North American companies that generate or transmit electricity. The same hackers, a group Symantec refers to as Dragonfly, were responsible for similar attacks on energy companies from 2011 to 2014, according to the post.

Symantec has notified companies it believes have been targets of the current campaign, but it has declined to name them publicly.

About 80 percent of California’s vast electricity grid is run by the California Independent System Operator, a not-for-profit corporation based in Folsom. Spokesman Steven Greenlee said the operator has not been contacted by Symantec, nor has anyone ever broken into its core operating systems.

That does not mean, however, that hackers haven’t tried.

“We get probed probably every day,” Greenlee said. “Who these come from, we don’t know. It could be nation-states to criminal enterprises to script kiddies,” he said, using a term within the hacking community for unskilled hackers who only use code other people have written.

None of the utility companies that work with the operator have notified it that they were contacted by Symantec, Greenlee said. Pacific Gas and Electric Co., California’s largest utility, said that it had not been contacted by Symantec and that “There is no impact to PG&E.” The Sacramento Municipal Utility District said it was not affected by the hacking campaign and had not been contacted by Symantec.

Governments worldwide have worried for years over the danger that hackers could pose to electricity grids. It is not a theoretical threat. Hackers in 2015 and 2016 attacked electrical systems in Ukraine, at one point knocking out power to part of the capital, Kiev. The hackers were widely believed to be Russian.

And while the California Independent System Operator says its core systems have never been breached, hackers did penetrate part of the corporation’s computer network in 2001, gaining limited access for at least 17 days before being detected. They never gained the ability to affect the flow of power over the grid, the operator said at the time.

The Symantec report says the current Dragonfly campaign appears to have begun in late 2015, and bears some of the hallmarks of the group’s earlier attacks. While Symantec can’t pinpoint the location of the hackers, the company noted that some of the coding strings contain Russian words, while others contain French.

“Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where this attack group is based or who is behind it,” the blog post reads.

The Edison Electric Institute, an industry trade group, says its members are aware of the Dragonfly threat.

“The delivery of safe and reliable energy has not been affected, and, at this time, there has been no operational impact to facilities or to the systems controlling the North American energy grid,” Scott Aaronson, the group’s director for security, said in a statement.

©2017 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.