Burlington Electric said it found malicious software on company laptop that matches those on malware found in the Democratic National Committee computers that the US government has blamed on Russians. Burlington Electric, which serves 19,600 customers in Vermont, noted that the malicious software on a computer was not connected to its grid control systems. Both the Department of Homeland Security and the utility said there are no indications that the electric grid was breached, reported CNN.
Burlington Electric General Manager Neale Lunderville told CNN that the utility found an Internet address that was associated with recent malicious cyber activity, and that IP address was communicating with a company computer. "We immediately isolated the machine, pulled it off the network, alerted federal authorities and began to work with them," he said.
The federal government refers to the Russian malicious cyber activity as Grizzly Steppe. Officials involved in the investigation of the malware say they do not believe it was an attempt to bring down part of the electric grid, CNN reported. One reason why, they cited, is that Burlington Electric is a small utility and therefore the impact would not be as great as if it were a larger company with many more customers.
As reported by the Washington Post, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”
Rep. Peter Welch (D-Vt.) said the attack shows how rampant Russian hacking is. “It’s systemic, relentless, predatory,” Welch said. “They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country. We must remain vigilant, which is why I support President Obama’s sanctions against Russia and its attacks on our country and what it stands for.”
Brian M. Harrell, CPP, Director of Navigant and former Director of Critical Infrastructure Protection Programs at NERC, told SIA Update: It’s a bit premature to say that the Russians planted this malware on a utility workers transient device, but the code detected is similar to the malware used in the advanced persistent threat campaign by Russian cyber operatives. It will take some time to trace the malware to its origin. The hacking of critical infrastructure is a concern for utilities across the country, but we should be careful to keep this in perspective. The infected computer is reportedly not connected to key control or energy management systems affecting utility power operations. The utility identified the malware, recognized the indicators of compromise, and notified law enforcement and grid regulators, all while isolating the one laptop with malware on it. This is evidence of how timely and accurate threat information, in the hands of utility operators, can mitigate threats to the power system. Hacking into corporate computers of a utility does not necessarily compromise the integrity or reliability of the electric grid. Attackers would need to successfully gain access to industrial control systems, which they did not. While this event causes alarm, due to recent events surrounding Russian cyber intrusions, it should be noted that phishing attempts, denial of service attacks, and ransomware attacks happen every day within critical infrastructure sectors. The electricity sector has mandatory and enforceable security standards, and a uniquely strong tie with the E-ISAC ran by NERC, which may have aided Burlington Electric in identifying the malware. We still do not fully understand the capability and intent behind the malware found at Burlington Electric, however, US CERT and federal resources should be used to investigate and better determine how this malware was introduced. Federal officials should work closely with NERC and the E-ISAC to then provide lessons learned."