As it turns out, the findings released by U.S. intelligence officials last weekend are more benign than what was originally reported. While the laptop was infected by Russian malware, the computer was not connected to a power grid.
Still, an attack on a U.S. power grid has long been a nightmare scenario for top U.S. officials. The National Security Agency and U.S. Cyber Command chief Adm. Michael Rogers have previously warned it's not a matter of if but when attackers target U.S. power systems.
A Tennessee Valley Authority spokesman said cybersecurity is a matter of increasing concern for the utility and one it takes very seriously. Scott Fiedler said he “couldn't give away the playbook,” but acknowledged TVA uses a multitiered approach to cyber security measures.
“As the nation's largest power provider, we work around the clock to monitor our network to protect it from cyber threats,” he said. “... We perform continuous monitoring, penetration testing and vulnerability assessments.”
Fiedler explained that TVA employees are required to take cybersecurity training on an annual basis to ward off phishing schemes that may seek passwords or other sensitive information.
He said TVA also utilizes a specific team to train the utility's information security specialists, all of which share a common goal — protect the utility's network.
“Our critical infrastructure systems are housed within a specific network and are isolated from the corporate network. You have to have special authorization to log into it and it's not attached to the internet,” he said. “We have a fence between personal computers and the grid; they don't touch.”
The utility also stays abreast of threats through partnerships with the FBI, Homeland Security and the Department of Energy.
“We are prepared, but you always have to be concerned, stay ahead and learn from the industry,” Fiedler said.
Athens Utilities has similar safeguards in place to protect its systems. City of Athens grant coordinator and communications specialist Holly Hollman said the utility's networks are also separated from the internet.
There is also limited access to the Supervisory Control and Data Acquisition system, or SCADA. The system, which informs the utility about line breaks, alarms or substation outages, is on a closed network.
“Through our hardware and software policies, we have multiple ways to protect the system,” Hollman said.
The Vermont hack
The Burlington Electric Department, one of Vermont's two largest electric utilities, confirmed Friday it had found on one of its laptops the malware code used in Grizzly Steppe, the name the U.S. government has given to malicious cyber activity by Russian civilian and military intelligence services.On Tuesday, the Washington Post reported the internet activity was apparently caused by a electric department employee checking his Yahoo email account. Officials told the Post the traffic associated with the IP address was not necessarily malicious and could be found elsewhere.
Investigators did find a Neutrino exploit kit, a package known for delivering malware, but it did not appear to be connected with Grizzly Steppe, the Post reported.
©2017 The News Courier (Athens, Ala.) Distributed by Tribune Content Agency, LLC.
