"There are some different statistics available, but the gist is that ransomware attacks have significantly increased year over year, with both the total number of attacks, and amount in ransom payouts, at highs never seen before," said Ian Fitzgerald, Chelan PUD chief technology officer. "Nobody is immune to these statistics, and we take both our physical and cyber security responsibilities very seriously."
The Cybersecurity & Infrastructure Security Agency (CISA), a cybersecurity agency operating under the Department of Homeland Security, reported hackers breached a western Pennsylvania water facility, Municipal Water Authority of Aliquippa in November. The hackers, identified as an Iranian-backed cyber group, CyberAv3ngers, gained control of a remote booster station that monitors and regulates pressure for two communities. There was no known risk to water supply; the system was disabled and operated manually following the attack. Several attacks on Pacific Northwest substations were reported in November 2022.
According to CISA, a breach can result in an inability to provide and manage a community's wastewater or other product. The hackers in the Pennsylvania water facility attack are suspected to have assessed the facility's device by cybersecurity weaknesses, like poor password security.
The Chelan PUD electrical grid security is "top priority", according to Chelan PUD security director, Rich Hyatt. Intrusion detection, 24/7 electronic monitoring, physical patrols and consistent inspections fall under the umbrella of security for Chelan PUD. Across the river, Douglas PUD also exercises constant monitoring across its networks, facilities and data to detect irregularities, according to Douglas County PUD spokesperson, Meaghan Vibbert.
"Keeping the lights on is our job and tight security is a way to help ensure that happens," Vibbert said.
Both PUDs are audited every three years by the Western Electricity Coordinating Council, an agency responsible for compliance monitoring and enforcement, on a "multitude of North American Electric Reliability Corporation (NERC) compliance standards," Vibbert said. The reliability and compliance audit surveys whether the utilities are operating and securing electric systems with standards developed by NERC. Chelan PUD partnered with the Department of Homeland Security, as well, to gauge its "cyber readiness," Fitzgerald said.
Chelan PUD in November completed "the largest grid security exercise in North America," hosted by NERC's Electricity Information Sharing and Analysis Center, Fitzgerald added. The Wenatchee-based PUD also incorporated artificial intelligence into its technology stack as a defense mechanism.
"As new threats emerge, and the cybersecurity landscape shifts, we will shift with it, and deploy the best security we can in times of fast-paced growth and moving attack vectors," Fitzgerald said.
©2023 The Wenatchee World, Distributed by Tribune Content Agency, LLC.