Cyber attacks on utilities have come to America. The recent news that a Vermont utility has identified malware associated with Russian malicious cyber activity has made it clear that American utilities are not immune. This malware, called Grizzly Steppe, uses spear phishing emails to trick users into installing it on their computers. Outside of America, spear phishing emails have been used on two separate occasions to attack power utilities and shut off power to hundreds of thousands of customers. As reported by CBS News, the most recent attack occurred in December of 2016, shutting off power at nearly 60 substations. Last year, similar attacks caused the Department of Homeland Security to issue an alert. Real-world examples of cyber security shortfalls have shown just how important cyber security awareness is.
The greatest threat to your utility’s cyber security comes from the inside. Breaches are often inadvertently enabled by staff using insecure passwords, being deceived by phishing emails, or unintentionally installing malware. A recent example of malware is KillDisk, which encrypts the utility’s SCADA system data and requires a ransom of over $200,000 to be paid in order to make the system usable again. All it takes is one user clicking on an email to make the attack successful.
And the number of security incidents is rapidly mounting. According to The Global State of Information Security Survey 2016, from 2013 to 2015, the rate of detected cyber security incidents at utilities increased nearly 500%. Employees and former employees enabled over 60% of these incidents.
Awareness training is more important than ever, but the available courses simply aren’t working. Most training is conducted online, but based on the uptick in breaches, this type of training is falling short. That’s why PSE is offering customized, hands-on cyber security awareness training at your office.
Your staff is the frontline of your cyber security defense. PSE’s training will help equip them to better prevent attacks, including:
Customized and facilitated at your utility, our training is a convenient, cost-effective way to provide key staff with up-to-date information.
For more information about our cyber security services and awareness training as well as additional steps you can take to protect your utility, please contact:
Jon Powvens, Lead Cyber Security Consultant
608-268-3555
powvensj@powersystem.org
Department of Homeland Security. “GRIZZLY STEPPE – Russian Malicious Cyber Activity.” December 29, 2016.
Williams, Holly. “Russian hacks into Ukraine power grids a sign of things to come for U.S.?” CBS News. December 21, 2016.
Department of Homeland Security. “Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure.” February 25, 2016.