A small Vermont utility will keep working with federal officials to counter hackers, despite a recent government leak that set off a cascade of flawed reporting on the company’s cyber defenses.
"As utilities, we have to work with our federal partners; they have the intelligence that we need," said Neale Lunderville, general manager at Burlington Electric, a municipally owned power utility situated along Lake Champlain. "99.99 percent of federal government officials have good intentions, and they want to do the right thing. [But] there are always some people who want to use information for their own intentions or for some bigger political game."
On Friday, an erroneous report in The Washington Post claimed Russian hackers had infiltrated the U.S. power grid through an unnamed Vermont utility (Energywire, Jan. 4). The report cited anonymous senior Obama administration officials, who on the previous day had released a report detailing internet protocol addresses and malware signatures associated with a Russian state-sponsored hacking campaign known as "Grizzly Steppe."
The evidence of a significant Russian cyber intrusion at the utility in question, later revealed to be Burlington Electric, soon foundered, and the Post retracted parts of its story.
In reality, according to Lunderville, Burlington used the government’s Grizzly Steppe indicators to comb through its own networks on Friday morning. The search turned up one item of interest — suspicious web traffic on a laptop disconnected from any grid operations. The company quickly isolated the computer and pulled it off the business network.
Next, Lunderville said, the utility alerted federal authorities, because the IP address visited by the laptop had been flagged by the Department of Homeland Security and the FBI as part of the Grizzly Steppe campaign. But when the utility reported the potential intrusion to federal officials Friday, it was still too early to say whether the IP address was a "false positive" or part of some malicious, targeted effort to break into the grid.
"Had somebody, anybody, infiltrated our electric grid, that is an extraordinarily significant matter and one that needs to be treated very carefully, not leaked out on a Friday night," Lunderville said.
He said that although an investigation is ongoing, so far there has been no evidence that Burlington Electric was of special interest to any Russian hackers. Lunderville added that he has no special knowledge of how the indicators and IP addresses shared by DHS last Thursday tie back to Moscow, if at all.
"The fact is, they [federal officials] haven’t told us anything about it, and I’m not sure they ever will," he said. "Our job is to detect the threats, report them and then work with our federal partners to continue to mitigate them. We’re not in the intelligence business."
Adding to the confusion about the security of the North American power grid, one of the IP addresses singled out by U.S. authorities in its Russian hacking report bore historic links to Ontario’s main electricity distributor, Hydro One Ltd. But a representative at that company told E&E News that the address in question existed online prior to the formation of Hydro One and was not connected in any way to the operation of the power grid.
Despite the unsubstantiated fears swirling around the Grizzly Steppe indicators and the reliability of the electric grid, Lunderville said that "we as an industry are going to continue to take cybersecurity very seriously."
"Even though the story around this incident was overblown, we can’t think that all threats are overblown," he said, adding that "you’re not going to see the industry pull back" from exchanging information with the government in the face of leaks.
While he said he hoped the episode would ultimately "strengthen" relations with key federal agencies, Lunderville let slip a hint of frustration during a brief phone interview with E&E News.
"Certainly, our federal partners need to appreciate the confidentiality of the information we’re sharing with them," he said.
Reporter Peter Behr contributed.
