• Hear the 'Hacked' Vermont Utility Manager In His Own Words, Bernie, Oba

    From Knobe@21:1/5 to All on Sat Jan 7 11:19:17 2017
    XPost: alt.fan.states.vermont, alt.politics.media, alt.politics.obama
    XPost: sac.politics

    The Obama administration leaked the story and were outed as
    totally ignorant fools.

    Last week, The Washington Post made headlines when it reported
    that Russian hackers had penetrated the U.S. power grid through
    a utility in Vermont.

    The story was flawed, to say the least. The electrical grid had
    not been hacked, and neither had the company. In short, a false
    alarm—an employee checking email—triggered an alert, which the
    utility reported to the federal authorities. Someone there
    apparently leaked it to the press, then reporters ran the news
    based on incomplete information. You can read more about what
    went wrong here.

    Fortune caught up with Burlington Electric Department, the
    utility in the eye of the firestorm, after the furor quieted
    down. Neil Lunderville, general manager at the utility, told us
    he was taken aback by the mayhem that erupted the morning after
    the utility filed a report to the Feds. Although some commenters
    have speculated that the leak's fallout might deter companies
    from sharing threat information with the government in the
    future, Lunderville said the experience will not inhibit the
    utility he manages from sharing intel with the Feds again. He is
    disappointed by what happened, he said, but still believes that
    maintaining a good relationship between the public and private
    sector is vitally important when it comes to protecting national infrastructure.

    Here's what Lunderville had to say, in his own words, lightly
    edited for clarity and length.

    Fortune: First off, happy new year!

    Lunderville: I haven't learned how to say that in Russian yet.

    Thankfully, you won't have to...

    Just teasing.

    So, what happened?

    On the last Thursday before the new year—Dec. 29—we received an
    update from the Department of Homeland Security asking us to
    look out for certain indicators of compromise. I think most
    other utilities received this as well. They said they were
    related to Grizzly Steppe [the government's codename for an
    alleged Russian hacking operation].

    We uploaded the indicators to our scanning system to look for
    the types of things specified. Then sometime on Friday morning,
    when one of our employees went to check email at Yahoo.com, our
    scanning system intercepted communications from that computer
    and an IP address listed in the indicators of compromise. When
    warned of that, we immediately isolated the computer, pulled it
    off the network, and alerted federal authorities.

    So far, so good.

    To be clear, that computer was not attached to the grid control
    systems. It was on our business network, which is separate.
    There is no indication of compromise of either any of our
    internal systems or any customer data. The federal authorities
    have told us they've seen traffic—this suspicious kind of cyber
    activity—in the traffic of other companies. They don’t think it
    is unique to BED, or even to the utility sector.

    We filed the report on Friday. We talked to the federal
    authorities. They said, Thanks for the information, we'll get
    back to you. At that point, we weren’t done with it, but we
    didn’t expect any other activity to happen on Friday.

    What went wrong?

    The day after we filed the report, someone in the federal
    government misinterpreted it as an intrusion into the grid by
    the Russians and leaked that information to the Washington Post,
    incorrectly. The Washington Post decided to run with the story
    before confirming with us. That's what led to this cascading
    series of stories that spiraled out into the Twitter-verse with
    unrelenting speed. We've been trying to clean up the mess since

    Do you know whether the Washington Post knew you were the
    utility in question?

    There are only two utilities in this area of Vermont: us and
    Green Mountain Power.

    Tell me about Burlington Electric.

    We're a municipal utility. We've been around 111 years and have
    127,000 customers. We serve just the city of Burlington, the biggest
    city in Vermont.

    In 2014 we became the first city in the U.S. to source 100% of
    our power from renewable energy: biomass, hydroelectric, wind,
    and solar power. We've been leading on efficiency for 25 years.
    We use less power and electricity in Burlington today than we
    did in 1989.

    Have you changed any of your protocols or security measures
    since this "hacking" incident?

    As a general rule, we don’t talk about our cybersecurity measures.
    I've been disciplined in this process not to get into any of
    those details. We don’t want to create a roadmap for folks
    looking to try to poke through our network. Any incident like
    this provokes a review of our systems, which we've done.

    Cybersecurity is not a moment in time. It's an ongoing process
    that you've got to look at every day of the year. We're always
    looking to evolve our systems. That certainly has happened since
    last week, and it also happens every week. We're always making
    changes to the system, adding more security.

    Will you be more hesitant, or cautious, about sharing
    information with U.S. officials in the future?

    No. We are going to share with the Feds. Somebody used the
    information we submitted for their own purposes—political or
    otherwise—and the newspaper went running with it without having
    the facts right. Still, you should not throw the baby out with
    the bath water.

    We have a good relationship with our federal partners. We're not
    going to stop working with them because of this incident.

    Ultimately, we rely on them for intelligence about cyber
    threats. We provide information to them. They analyze that
    information and assess what the source of it is, and what we can
    do to stop it. We can't afford to pull back from working with

    The Washington Post reported in a follow-up story that an
    itty-bitty piece of malware was ultimately discovered on the laptop
    in question. Do the ends justify the means?

    What do you mean?

    Blowup aside, some malware was discovered in the end.

    That's an area we didn't comment on. We at BED aren’t getting
    into that because we're part of an ongoing federal
    investigation. This was a computer not connected to any of our
    grid control systems. Whether or not it contained even a little
    piece of malware does not justify an inaccurate leak that the
    grid was penetrated by Russians, nor does it justify an
    inaccurate report to the same tune.

    The penetration of the U.S. electrical grid would be a serious
    national security threat that would need to be handled with the
    utmost of care. The presence of malicious code, whether there or
    not, on a computer not connected to critical grid systems, is a
    very different story.

    What do you think about the attribution to Russia?

    Any threat to the electrical grid needs to be taken seriously,
    whether by Moscow or Manhattan. The difference doesn’t matter.
    From a utility perspective, we don't want any of those threat
    indicators on our network.

    http://fortune.com/2017/01/06/vermont-utility-burlington-electric-manager/?xid=gn_editorspicks&google_editors_picks=true

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)