XPost: alt.fan.states.vermont, alt.politics.media, alt.politics.obama
XPost: sac.politics
The Obama administration leaked the story and were outed as
totally ignorant fools.
Last week, The Washington Post made headlines when it reported
that Russian hackers had penetrated the U.S. power grid through
a utility in Vermont.
The story was flawed, to say the least. The electrical grid had
not been hacked, and neither had the company. In short, a false
alarm—an employee checking email—triggered an alert, which the
utility reported to the federal authorities. Someone there
apparently leaked it to the press, then reporters ran the news
based on incomplete information. You can read more about what
went wrong here.
Fortune caught up with Burlington Electric Department, the
utility in the eye of the firestorm, after the furor quieted
down. Neil Lunderville, general manager at the utility, told us
he was taken aback by the mayhem that erupted the morning after
the utility filed a report to the Feds. Although some commenters
have speculated that the leak's fallout might deter companies
from sharing threat information with the government in the
future, Lunderville said the experience will not inhibit the
utility he manages from sharing intel with the Feds again. He is
disappointed by what happened, he said, but still believes that
maintaining a good relationship between the public and private
sector is vitally important when it comes to protecting national infrastructure.
Here's what Lunderville had to say, in his own words, lightly
edited for clarity and length.
Fortune: First off, happy new year!
Lunderville: I haven't learned how to say that in Russian yet.
Thankfully, you won't have to...
Just teasing.
So, what happened?
On the last Thursday before the new year—Dec. 29—we received an
update from the Department of Homeland Security asking us to
look out for certain indicators of compromise. I think most
other utilities received this as well. They said they were
related to Grizzly Steppe [the government's codename for an
alleged Russian hacking operation].
We uploaded the indicators to our scanning system to look for
the types of things specified. Then sometime on Friday morning,
when one of our employees went to check email at Yahoo.com, our
scanning system intercepted communications from that computer
and an IP address listed in the indicators of compromise. When
warned of that, we immediately isolated the computer, pulled it
off the network, and alerted federal authorities.
So far, so good.
To be clear, that computer was not attached to the grid control
systems. It was on our business network, which is separate.
There is no indication of compromise of either any of our
internal systems or any customer data. The federal authorities
have told us they've seen traffic—this suspicious kind of cyber
activity—in the traffic of other companies. They don’t think it
is unique to BED, or even to the utility sector.
We filed the report on Friday. We talked to the federal
authorities. They said, Thanks for the information, we'll get
back to you. At that point, we weren’t done with it, but we
didn’t expect any other activity to happen on Friday.
What went wrong?
The day after we filed the report, someone in the federal
government misinterpreted it as an intrusion into the grid by
the Russians and leaked that information to the Washington Post,
incorrectly. The Washington Post decided to run with the story
before confirming with us. That's what led to this cascading
series of stories that spiraled out into the Twitter-verse with
unrelenting speed. We've been trying to clean up the mess since
then.
Do you know whether the Washington Post knew you were the
utility in question?
There are only two utilities in this area of Vermont: us and
Green Mountain Power.
Tell me about Burlington Electric.
We're a municipal utility. We've been around 111 years and have
127,000 customers. We serve just the city of Burlington, the biggest
city in Vermont.
In 2014 we became the first city in the U.S. to source 100% of
our power from renewable energy: biomass, hydroelectric, wind,
and solar power. We've been leading on efficiency for 25 years.
We use less power and electricity in Burlington today than we
did in 1989.
Have you changed any of your protocols or security measures
since this "hacking" incident?
As a general rule, we don’t talk about our cybersecurity measures.
I've been disciplined in this process not to get into any of
those details. We don’t want to create a roadmap for folks
looking to try to poke through our network. Any incident like
this provokes a review of our systems, which we've done.
Cybersecurity is not a moment in time. It's an ongoing process
that you've got to look at every day of the year. We're always
looking to evolve our systems. That certainly has happened since
last week, and it also happens every week. We're always making
changes to the system, adding more security.
Will you be more hesitant, or cautious, about sharing
information with U.S. officials in the future?
No. We are going to share with the Feds. Somebody used the
information we submitted for their own purposes—political or
otherwise—and the newspaper went running with it without having
the facts right. Still, you should not throw the baby out with
the bath water.
We have a good relationship with our federal partners. We're not
going to stop working with them because of this incident.
Ultimately, we rely on them for intelligence about cyber
threats. We provide information to them. They analyze that
information and assess what the source of it is, and what we can
do to stop it. We can't afford to pull back from working with
them.
The Washington Post reported in a follow-up story that an itty-
bitty piece of malware was ultimately discovered on the laptop
in question. Do the ends justify the means?
What do you mean?
Blowup aside, some malware was discovered in the end.
That's an area we didn't comment on. We at BED aren’t getting
into that because we're part of an ongoing federal
investigation. This was a computer not connected to any of our
grid control systems. Whether or not it contained even a little
piece of malware does not justify an inaccurate leak that the
grid was penetrated by Russians, nor does it justify an
inaccurate report to the same tune.
The penetration of the U.S. electrical grid would be a serious
national security threat that would need to be handled with the
utmost of care. The presence of malicious code, whether there or
not, on a computer not connected to critical grid systems, is a
very different story.
What do you think about the attribution to Russia?
Any threat to the electrical grid needs to be taken seriously,
whether by Moscow or Manhattan. The difference doesn’t matter.
From a utility perspective, we don't want any of those threat
indicators on our network.
http://fortune.com/2017/01/06/vermont-utility-burlington-electric-manager/?xid=gn_editorspicks&google_editors_picks=true