Reports came up recently stating that several states across the US have started reviewing cyber security as regards critical infrastructure following reports that a laptop at the Burlington Electric Department was found to be infected with malware.
Reports indicated that the Burlington Electric laptop cyber security issue was perhaps a result of a Russian hacking campaign known by the federal government as Grizzly Steppe.
The Washington Post had reported initially that “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.”. The report further said- “While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks…Officials in government and the utility industry regularly monitor the grid because it is highly computerized and any disruptions can have disastrous implications for the country’s medical and emergency services.” The report was later updated to name the Burlington Electric Department.
The Burlington Electric Department came out with a release stating that there was no indication that Electric Grid or Customer Information was compromised. The statement said- “On Thursday night, December 29, 2016, the Burlington Electric Department was alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to recent malicious cyber activity. We acted quickly to scan all computers in our system for the malware signature. We detected suspicious Internet traffic in a single Burlington Electric Department computer not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this Data Security issue.”
The release further said- “There is no indication that either our electric grid or customer information has been compromised. Media reports stating that Burlington Electric was hacked or that the electric grid was breached are false.” It also said- “Federal officials have indicated that this specific type of Internet traffic also has been observed elsewhere in the country and is not unique to Burlington Electric. It’s unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country.”
Such reports do get noted at a time when organizations worldwide give utmost priority to website security and enterprise data security.