A Nov. 7 cyberattack on Delta-Montrose Electric Association that left the electrical cooperative unable to operate phones, e-mail, and payment processing for several weeks has raised questions about the motive of attackers and the security of other electrical utilities.
Until Delta-Montrose reveals more about the case, little can be said definitively. The cooperative this week declined an interview. “We do not have additional details to share,” said DMEA spokeswoman Becky Mashburn in an e-mail. “We are currently focused on restoring full support services to our members.”
Electrical service was not compromised.
The Montrose Mirror reported that Delta-Montrose, in the board of directors meeting on Nov. 30, sidestepped questions from a cooperative member about whether Delta-Montrose had been the subject of ransomware. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Normally, once the ransom is paid, those conducting the attack deliver the data. Delta-Montrose has been rebuilding its database, however, suggesting that if a ransom was paid, the saboteurs reneged on a promise to deliver the decryption key necessary to retrieve the data.
This is from Big Pivots 49.
One expert told Utility Dive that it “seemingly sounds like a ransomware attack.” That expert, Ben Miller, Dragos vice president of professional service and research and development, said he expected to hear more in coming weeks on overall impact, because the electric sector has a track record of mutual assistance and sharing lessons learned.
The main takeaway from the Utility Dive article was the consensus of the experts it consulted that ransomware can just as easily target small enterprises as major ones. Delta-Montrose has 35,000 customers.
Another thought is that this may be just a simple case of sabotage. If so, the motive remains unclear.
On its website, Delta-Montrose said it had retained a team of forensic and cybersecurity experts to investigate the scope of the incident and its impacts. “That investigation is still ongoing,” the website said as of Dec. 8.
Colonial Pipeline
A case in May involved a giant energy company, Colonial Pipeline, which paid $4.4 million to a Russia-linked cybercrime group known as DarkSide.
The company’s systems transport roughly 2.5 million barrels of gasoline, jet fuel, and diesel from the Gulf Coast to the Eastern Seaboard, explained Bloomberg in a June 4 story, “Hackers Breached Colonial Pipeline Using Compromised Password.” “The outage led to long lines at gas stations, many of which ran out, and higher fuel prices,” the story said.
Colonial Pipeline “turned off the spigot on the fuel network out of concern that the malware that had infected its back-office functions would make it difficult to bill fuel delivered along the pipeline or even spread into the pipeline’s operating system,” reported the New York Times in a May 14 story, “Pipeline Attack Yields Urgent Lessons About U.S. Cybersecurity.”
The Times noted that government officials and industry executives for years “have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would respond.”
In this case, the attacker was not a terror group or a hostile state like Russia, China, or Iran, as had been assumed in the simulations.
“Every fragility was exposed,” said Dimitri Alperovitch, a co-founder of CrowdStrike, a cybersecurity firm, and now chairman of the think tank Silverado Policy Accelerator. “We learned a lot about what could go wrong. Unfortunately, so did our adversaries.”
In the Delta-Montrose case, the cooperative’s ability to deliver electricity was not compromised. And Alyssa Clemsen Roberts said at the Nov. 30 board meeting that they believe no customer information was accessed, according to a report in the Montrose Daily Press.
“Your address, name and things like that maybe, if it was in an e-mail or something like that. But your personal information about your address, no,” she said. Ninety percent of internal network functions and “a good portion of our data” were corrupted.
Privately, some knowledgeable individuals predicted that utilities will find it necessary to devote more resources to ward off such attacks. Others speculated that other electrical providers, especially smaller ones, are scared. Not all e-mails and phone calls for this story were returned.
Tri-State Generation and Transmission offered this statement when asked for comment:
“Tri-State places a strong focus on cyber and physical security for our critical infrastructure and systems. In addition to maintaining North American Electric Reliability Corp.’s Critical Infrastructure Protection compliance, Tri-State also maintains a dedicated Cyber Security Center focused on defending against cyber threats, utilizing an array of technologies and techniques. While we cannot further discuss the specifics of our security efforts, the recent attack is a reminder of the importance of remaining vigilant, and we remain diligent in our efforts to protect Tri-State’s systems against all threats.”