Public Utilities in the U.S. Being Targeted by International Hackers

Late in 2013, the FBI discovered that a Chinese hacker called UglyGorilla was seeking access to parts of a U.S. utility company’s systems that would allow him to remotely cut off heat or damage pipelines. He and others working for the People’s Liberation Army in China targeted 23 natural gas pipeline companies over seven months beginning in December 2011, breaching at least 10, according to the U.S. Department of Homeland Security (DHS).¹

In October, the DHS also issued alerts about digital attacks on utility computers, outlining how malware called BlackEnergy was used to access human-machine interfaces, systems that utility operators use to control critical functions.² Cyber security firms have since connected the attacks to well-funded, organized teams of Russian hackers, cautioning that cyber spying by Russia is on the rise.³

These groups’ activities demonstrate the increasing reach of cyber attacks as ever-larger sectors of the economy become connected and controlled via the Internet.

According to a blog post in June from security company Symantec Corp., attacks like these most commonly target grid operators, petroleum pipeline controllers, electricity generation firms, and water processing plants, and warned that these hacks may be capable of disrupting or damaging vital public utilities. ⁴

In prepared testimony for a congressional hearing in May of 2013, acting Inspector General for the DHS Charles Edwards said that successful infiltrations of computer networks have the potential to create large-scale power outages or cause “physical damage, loss of life, and other cascading effects that could disrupt services.” ⁵

But it’s not just large energy companies and petroleum operators who should be concerned. Municipal government systems in Colorado were successfully targeted by computer hackers using phishing emails in 2014.⁶

The hackers used phishing emails to gain sensitive information such as usernames, passwords, and financial data. The goal of a phishing email is to lure the recipient into clicking a link or an attachment containing malware that can compromise sensitive information. Phishing emails appear to originate from a trustworthy source such as a colleague or supervisor, or often purport to be from popular social media sites, banks, online payment processors, or IT administrators.

Most of us are willing to take risks when it comes to security, only regretting it when it’s already too late. But as a Pool member, there are resources available to you and steps you can take now to prevent becoming the victim of such an attack.

Shoring up the vulnerabilities in your digital security before an attack takes place can save your organization countless time and resources. The eRisk Hub® is a tool that’s available to all members of the Pool and was specifically made available in response to data breach issues while also providing a live resource for the well-being of any information technology department. There are three levels of threat assessment provided at discount prices from NetDiligence, and 50% of the cost of this resource is also eligible for Safety and Loss Prevention Grant funding making this resource very accessible and affordable for Pool members.

The eRisk Hub provides districts with everything they need to respond to a data breach under the new Federal Red Flag or Colorado State Data Breach Statutes. While public entities are exempt from the state law, these types of statutes often become considered the baseline, and a plaintiff’s attorney may look to those if the district ever faced a legal action. Content on the site includes but is not limited to:

• Personal data breach incident hotline
• Data breach incident road map
• Pre-qualified and preferred pricing resources for:
  • Legal
  • Forensic
  • Loss Mitigation
  • Corrective Action
  • Law Enforcement
  • Public Notification
  • Public Relations
  • Credit Monitoring Reports
  • ID Theft Counselors

Members participating in the Liability program have up to $200,000 in Cyber Liability benefits for data compromise already included in their coverage. This benefit can cover you and your organization in the event of e-commerce, data compromise, website publishing, or network security breach liability claims, as well as damage incurred from replacement or restoration of electronic data and cyber extortion threats.

References:

¹ http://www.bloomberg.com/news/2014-06-30/symantec-warns-energetic-bear-hackers-threaten-energy-firms.html
² http://www.propertycasualty360.com/2014/10/30/next-up-for-russian-hackers-utilities?ref=rss
³ http://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476
⁴ http://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat
⁵ http://www.bloomberg.com/news/2013-05-16/utilities-targeted-by-hackers-raise-dire-u-s-warnings.html
⁶ http://www.sdaco.org/news/colorado-local-governments-successfully-targeted-phishing-attacks