Russian Hackers Penetrate Burlington Electric

Code associated with a Russian hacking operation dubbed “Grizzly Steppe” has been detected within Burlington Electric, a Vermont utility. Although the code was not used to disrupt operations, officials have expressed concern over the security of the nation’s electricity grid and the extent to which Russian hackers have penetrated the grid in order to carry out a cyber attack.

Burlington Electric issued the following statement:

On Thursday night, December 29th, the Burlington Electric Department was alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks. We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems.

We took immediate action to isolate the laptop and alerted federal officials of this finding. There is no indication of compromise to customer information or to the security of our system. Our team takes the issue of cybersecurity very seriously and routinely assesses our systems for vulnerabilities with assistance from outside experts. We are working with federal and state officials to prevent any other attempts to infiltrate utility systems.

The National Cybersecurity & Communications Integration Center released an overview of Grizzly Steppe to “alert all network defenders in the United States and abroad to this malicious activity to better secure their networks and defend against Russian malicious cyber activity.”

A Future Cyber Pearl Harbor

While this one event was not a major threat, a cyber attack disrupting the nation’s electricity grid has often been cited as one of the greatest cyber threat scenarios.

Consider this:

  • A task force on improving security for the nation’s electrical grid began by noting that an Allied Strategic Bombing Survey following World War II determined that the bombing campaign would have been more effective if it had targeted the German and Japanese electrical grid rather than urban and industrial centers.
  • As explained by The Hill, if hackers were to knock out 100 strategically chosen generators in the Northeast, the damaged grid would quickly overload, causing cascading outages across the country. “While some areas could recover quickly, others might be without power for weeks.”
  • A 2013 attack on Calpine linked to Iran took “detailed engineering drawings of networks and power stations from New York to California — 71 in all — showing the precise location of devices that communicate with gas turbines, boilers and other crucial equipment attackers would need to hack specific plants.”
  • Analysts have confirmed that Russian hackers were able to penetrate Ukraine’s power grid to shut down electricity for 225,000 people.
  • In his 2015 book, “Lights Out,” former Nightline anchor Ted Koppel warned that “a major cyberattack on America’s power grid is not only possible but likely, that it would be devastating, and that the United States is shockingly unprepared.”

Old Fashioned Sabotage

The greatest threat to the aging electrical grid, however, is not from a cyber attack but from a physical attack on poorly secured substations across the country. Business Insider reports that knocking out nine interconnected substations and a transformer manufacturer could shut down the grid for 18 months.