Posted By IAMU, Wednesday, September 20, 2017

In July, the U.S. General Services Administration (GSA) removed Kaspersky Lab from its list of approved vendors for information technology products and services out of concerns that the Russian company might be used by the Russian government to exploit or attack American computer networks. In September, following an investigation into the matter, the U.S. Department of Homeland Security issued a directive calling for all Executive Branch agencies to cease using Kaspersky Lab products and services, in view of the fact that Russian law allows Russian intelligence agencies to compel assistance from Russian companies to “intercept communications transiting Russian networks…” On Monday, the U.S. Senate voted to remove all Kaspersky Lab products from U.S. government systems within 90 days, as part of the “FY-18 National Defense Authorization Act (NDAA)”.
The North American Electric Reliability Corporation (NERC) is about to issue an official alert to all electric service providers about Kaspersky Lab products and services. Other regulatory entities for other industries managing critical infrastructure throughout the U.S. will soon follow. It is the official IAMU position that our members begin to develop plans to phase out all Kaspersky Lab products and replace them with American equivalents as soon as possible.
If you have any questions, please contact Russell Saffell, Director of Member Security and Critical Infrastructure Protection at rsaffell@iamu.org or by phone at (515) 289-1999. Thank you for your continued efforts to provide and protect municipal utility services in Iowa.
Tags: Cyber Security, GSA, Kaspersky Lab, NERC
Posted By IAMU, Wednesday, September 13, 2017

Provided by the American Public Power Association
By Jeannine Anderson, News Editor
What a difference a small wobble from Hurricane Irma made, the night after it made landfall.
All day, the massive storm had been expected to stay along Florida’s west coast, and head straight for Tampa. But at the last minute, that evening, Irma changed its track just a little, veering toward the east, plowing through Polk County with gusts of 115 miles per hour and hitting the public power towns of Fort Meade, Lakeland and Bartow. Orlando, Kissimmee and Jacksonville — three more public power communities — also were hit hard.
“This will probably be the largest utility restoration and rebuild project in the history of the United States,” said Roseann Harrington, vice president of marketing at the Orlando Utilities Commission, in a video posted Sept. 12 by the Orlando Sentinel. “So we ask for everybody’s patience.”
The city of Lakeland reported gusts of nearly 110 mph, according to the local newspaper, The Ledger. Lakeland Electric reported that 78,430 customers had gone dark as a result of 1,897 outages on the electric system that would have to be repaired, the newspaper said. As a first priority, Lakeland was bringing in chainsaw crews to clear downed trees from the roads. City Manager Tony Delgado said that more than 200 trees had fallen in Lakeland.
Officials were focused on restoring power at Polk County's facilities, said a report in the Lakeland Patch. County sheriff’s deputies were driving all roads to assess which roads were impassable, the newspaper reported Monday. Schools in Polk County will be closed until Sept. 18, officials said.
Hundreds rescued from Jacksonville floods
On Tuesday, flooding and power outages continued to be a major problem in the public power city of Jacksonville — Florida’s largest metropolis — after a surge led to record levels of the St. Johns River on Monday. Trees were a big problem there, too.
“We have trees down in roads all over our city,” Jacksonville Mayor Lenny Curry tweeted on Tuesday afternoon. “Cut & toss crews are working in full force.”
Curry said that more than 350 people have had to be rescued from flooded homes. Stranded residents were being asked to put out a white cloth so that rescuers would know where to go to find them.
According to The Wall Street Journal, Curry said that Irma struck with a storm surge that would be expected from a Category 3 hurricane, even though its winds were at only tropical storm levels by the time it reached northeast Florida.
Meanwhile, convoys of utility trucks from utilities across the country — from the public power, investor-owned, and rural cooperative sectors — continued to make their way to the places in need of help. Many crews of lineworkers and tree workers were already in place and hard at work.
In a mutual aid conference call with American Public Power Association officials on Tuesday morning, Sept. 12, Amy Zubaly, executive director of the Florida Municipal Electric Association, said that public power utilities in Florida were grateful for the help.
“Thank you all for all the assistance on crews,” she said. “Our members are so appreciative.”
Number of outages was slowly diminishing
On Monday, 6.5 million electricity customers in Florida had no power, said Zubaly, and that number was down to 5.5 million as of Tuesday morning.
“Still a lot, but good progress,” she said. The 5.5 million included 536,000 customers of public power utilities.
The public power towns of Tallahassee — where FMEA has its headquarters — and Kissimmee were looking like they might be able to have virtually all service restored by the end of the day on Tuesday, she said, and if that was the case, crews from those utilities would be able to go to areas that had more extensive damage.
Polk County, in particular, was among the areas that really felt the wrath of Irma, Zubaly said.
In the Florida Keys, including the public power town of Key West, mutual aid crews had not yet been able to help because bridges to the Keys remained out, she said. Water service, as well as electric service, was out in the Keys, and communications networks were not working either.
“Hopefully, today will be a little better than yesterday,” she said.
For some communities in the beleaguered state, electricity could not be restored yet because major transmission lines were down.
Mike Hyland, APPA’s senior vice president of engineering services, who led the Tuesday morning public power mutual aid call, noted the need for tree-trimming crews to deal with all of the fallen trees and broken branches left behind by Irma.
“This could be more of a vegetation problem than a bucket truck, digger-derrick truck, problem,” at least for the immediate future, he said.
Mutual aid calls become a morning ritual
The mutual aid conference call on Sept. 12, a call that has become a regular 9:30 a.m. event in recent weeks (since before Hurricane Harvey hit Texas), included public power officials from Florida, Georgia, South Carolina, North Carolina, Alabama, Tennessee, and Texas.
As of Tuesday morning, a public power mutual aid spreadsheet that uses Google Docs listed close to 1,000 mutual aid resources — crews that either are in the areas hit by the hurricane, are en route to Florida, or were expecting to leave soon.
The Wall Street Journal reported Tuesday that, according to estimates from the Federal Emergency Management Agency, Hurricane Irma destroyed 25 percent of homes in the Florida Keys.
Progress in Orlando, Kissimmee
The city of Orlando reported that as of 8:30 p.m. on Monday evening, it had restored power to approximately 24 percent of customers, reducing the total number out from its peak of 145,000 down to 108,000.
“Hundreds of crews spent the entire day assessing damage, removing trees and restoring power,” the Orlando Utilities Commission said in a Sept. 11 news release.
“Our team of assessors identified significant damage to OUC equipment including broken and leaning poles, blown transformers, and downed wires,” the public power utility said. Transmission lines were repaired and power was restored to critical facilities including water plants, wastewater, lift stations, hospitals, emergency shelters, police, and fire services.
The number of these facilities impacted “is larger than what we experienced with Hurricane Charley,” OUC said. “We thank everyone for their patience as we work as safely and quickly as possible.”
Late Tuesday afternoon, OUC said it currently estimates that it will have its entire service territory restored by 10 p.m. on Friday, Sept. 15. "Please keep in mind that the last 2 to 3 percent of our customers will be the most difficult to restore," the utility said. "Individual customer estimated times of restoration will be available Wednesday morning, Sept. 13, via the outage map at ouc.com."
In Kissimmee, Kissimmee Utility Authority crews worked through the day and evening on Monday to restore power to customers affected by Hurricane Irma, KUA reported Monday. At the peak of the storm on Monday morning, 38,000 customers — or 53 percent of the utility’s 72,000 customers — were without electricity, said spokesman Chris Gent. By 8 p.m. on Monday, crews had restored service to 27,128, or 71 percent of the customers impacted by the storm. About 10,872 customers remained without power.
Through a mutual aid agreement, KUA said it was bringing in lineworkers and tree trimmers from Indiana, Minnesota, Wisconsin and Texas to assist with power restoration. Some of the crews arrived in advance of the storm and the remaining workers were to begin work on Tuesday.
Hurricane Irma made landfall on Sunday morning, Sept. 10, as a Category 4 hurricane with maximum sustained winds of 130 miles per hour. By Monday, although the extent of the damage was still being assessed, it was already clear that, true to the predictions, this large, powerful — and it seemed, capricious — storm had caused widespread destruction on Florida’s west coast, its center, and its east coast as well.
On Tuesday, the New York Times posted satellite footage of Irma and two other hurricanes making their swirling paths through the Atlantic and Gulf of Mexico.
FERC, NERC issue joint statement
Meanwhile, Federal Energy Regulatory Commission Chairman Neil Chatterjee and North American Electric Reliability Corporation President and CEO Gerry Cauley on Sept. 12 issued a joint statement on electricity industry assistance related to Hurricane Irma recovery.
“We appreciate and encourage the ongoing inter-utility cooperation among utilities, both public and private, in response to Hurricane Irma, which devastated Florida and Georgia, neighboring states, Puerto Rico and U.S. territories in the Caribbean,” Chatterjee and Cauley said, noting that the storm comes on the heels of Hurricane Harvey, “which already put the electricity industry to the test.”
Chatterjee and Cauley said that the Hurricane Irma response likely will be among the largest industry restoration efforts in U.S. history.
Utility industry vegetation and line crews have traveled to the region in large numbers from across the country and Canada, they noted.
“Nevertheless, affected utilities in the southeastern United States report that, in many areas, they still urgently need vegetation management and line crews to expedite restoration and recovery of electricity to customers. We encourage cooperation of the industry in providing assistance to areas affected by Hurricane Irma,” Chatterjee and Cauley said in the statement.
They said that NERC vegetation management requirements under Reliability Standard FAC-003-4 – Vegetation Management provide flexibility in how utilities manage their programs and are not prescriptive with regard to specific milestones or dates.
The requirements generally contemplate the possibility of modifications to a utility’s annual work plan to respond to conditions such as identified unanticipated high priority work and crew or contractor availability due in part to mutual assistance agreements for helping after events such as hurricanes, the statement noted.
“Using our regulatory discretion, we will consider the actions of entities assisting others from the impacts of Hurricane Irma to be positive and to not negatively impact compliance considerations with respect to Reliability Standard FAC-003-4 Vegetation Management,” Chatterjee and Cauley said.
Mutual assistance and public-private cooperation “are hallmarks of the electric industry, and we appreciate the efforts underway to assist the areas affected by Hurricanes Harvey and Irma,” they went on to say in the statement.
“We particularly want to express our gratitude to the thousands of crews who have traveled, in many cases over long distances, to help restore electric service to customers in those areas,” Chatterjee and Cauley said.
Tags: APPA, FERC, Florida, Irma, NERC
Posted By IAMU, Tuesday, March 29, 2016
From the March 22, 2016 issue of APPA Public Power Daily
By Jeannine Anderson, News Editor
Cyber attackers who hit three electric distribution companies in Ukraine in late December — causing 225,000 outages that lasted for a few hours — had sophisticated knowledge of utility systems that allowed them to take advantage of vulnerabilities in supervisory control and data acquisition, or SCADA, networks, says a March 18 report on the attack.
It appears that the attackers began their reconnaissance of the utility systems six months or more before the actual attack was carried out on Dec. 23, 2015, but their intrusion into the systems was not detected, according to the report. This enabled them to invade utility control systems and to hit the three utilities with coordinated cyber attacks that were carried out within 30 minutes of each other, the report said. The report, Analysis of the Cyber Attack on the Ukrainian Power Grid, was written by a joint team from the North American Electric Reliability Corp.’s Electricity Information Sharing and Analysis Center, or E-ISAC, and SANS Industrial Control Systems.
This is “the first time the world has seen this type of attack against OT systems in a nation’s critical infrastructure,” the report said, and it noted that nothing about the attack in Ukraine was specific to that country’s infrastructure. The attack methodologies that were used in this attack “are employable in infrastructures around the world,” said the report.
The attackers - whose identity remains unknown - demonstrated especially strong capabilities, “not in their choice of tools or in their expertise, but in their capability to perform long-term reconnaissance operations required to learn the environment and execute a highly synchronized, multistage, multisite attack,” said the analysis.
ICS Cyber Kill Chain
The coordinated attack on the Ukrainian power grid followed the “ICS cyber kill chain” that was outlined last year by Michael Assante and Robert M. Lee of the SANS Institute, the report noted.
“The American Public Power Association applauds the development and public release of the Ukrainian power outage cyber attack analysis by E-ISAC and SANS,” said Nathan Mitchell, APPA’s senior director of electric reliability standards and security. “The ICS cyber kill chain mapping helps utilities understand how the attacker formulates a plan for an attack,” Mitchell said. The defense lessons explained in the report “point to basic cyber security practices as useful tools to disrupt a cyber attack,” he said.
“The description of possible techniques used for future attacks is a clear warning that any utility which does not follow basic cyber security practices is at risk of a similar cyber attack,” Mitchell said.
APPA recommends that public power utilities sign up for the E-ISAC portal to receive similar reports on other threats and vulnerabilities of concern to the electricity industry, Mitchell noted. Some of those reports are not released to the general public. To sign up for the E-ISAC portal, contact operations@esisac.com, visit www.esisac.com, or call the 24-hour hotline at 404-446-9780 and press 2.
Phishing, Malware Were Used to Access Control Systems
The report by E-ISAC and SANS described how the attackers used a variety of tools, “including spear phishing emails, variants of the BlackEnergy 3 malware, and the manipulation of Microsoft Office documents that contained the malware to gain a foothold” into the electricity companies’ information technology networks. They used virtual private networks, or VPNs, to enter the industrial control system, or ICS, network.
The attackers “showed expertise, not only in network connected infrastructure, such as uninterruptable power supplies,” but also in operating the ICS network, through a supervisory control system such as the human machine interface, or HMI, the report said.
When they were ready to execute their attack on the ICS network, “the adversaries used the HMIs in the SCADA environment to open the breakers,” the report said. At least 27 substations were taken offline across the three Ukrainian energy companies.
At the same time, “the attackers uploaded the malicious firmware to the serial-to-Ethernet gateway device,” the report explained. “This ensured that even if the operator workstations were recovered, remote commands could not be issued to bring the substations back online,” a process known as blowing the bridges. Attackers also used a remote telephonic denial of service to make sure that affected customers could not report the outages.
The report noted that once the attackers had caused the SCADA distribution management systems to open breakers and cause a power outage, “they followed this with destructive attacks against workstations, servers, and embedded devices that provide industrial communication in their distribution substations.”
“The mitigation recommended here is to understand where this type of information exists inside your business network and ICSs,” the report said. “Minimizing where the information resides and controlling access is a priority for an ICS dependent organization.”
“It is extremely important to note that neither BlackEnergy 3, unreported backdoors, KillDisk, nor the malicious firmware uploads alone were responsible for the outage,” the report said. “Each was simply a component of the cyber attack for the purposes of access and delay of restoration. The actual cause of the outage was the manipulation of the ICS itself and the loss of control due to direct interactive operations by the adversary.”
Remote Access Can Provide Opening
Once attackers have learned a system and have stolen information, they “may be able to develop additional attack approaches,” the report warned. One place that attackers may start looking for ways to get into utility networks is through trusted third-party networks or through remote support employee connections, the report pointed out. Those trying to protect their systems against attacks “are reminded that having remote access through a trusted connection is advantageous for an attacker.”
Preparing for a multifaceted attack “is not easy and it requires careful plan review, testing, integrated defense, and operations exercises,” the report said. “Rehearsing steps to more quickly sever or prevent remote access, to safely separate the ICSs from connected networks, or to contain and isolate suspicious hosts is critical.”
Among the report’s many recommendations for utilities is to limit remote connections only to personnel that need them, and when personnel do need remote access, to ensure that they do not have access to control elements. Utilities also would be wise to consider the use of a system event monitoring system “configured and monitored specifically for high-value ICS/SCADA systems,” the report said.
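The following is an added example, not taken from the E-ISAC/SANS report or from this article, showing how a utility could check VPN session records against the two remote-access recommendations above and flag sessions that reach the ICS zone for monitoring. The log format, account names, address range and the two inventory sets are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed inventory (assumption): accounts approved for remote access,
# and accounts that hold rights over control elements such as HMI breaker
# operation.
APPROVED_REMOTE = {"jdoe", "vendor_support"}
CONTROL_RIGHTS = {"operator1", "vendor_support"}

# Constructed address plan (assumption): the ICS/SCADA zone.
ICS_ZONE = ipaddress.ip_network("10.20.0.0/16")

# Constructed VPN session log: timestamp, account, source IP, destination IP.
SAMPLE_LOG = """\
2016-03-01T08:02:11Z,jdoe,203.0.113.10,10.10.4.20
2016-03-01T08:15:40Z,vendor_support,198.51.100.7,10.20.1.15
2016-03-01T09:30:05Z,operator1,203.0.113.44,10.20.1.15
2016-03-01T10:12:59Z,asmith,203.0.113.80,10.10.4.21
"""


def audit_vpn_sessions(log_text, approved=APPROVED_REMOTE,
                       control=CONTROL_RIGHTS, ics_zone=ICS_ZONE):
    """Return one finding per VPN session that breaks a remote-access rule."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # skip blank lines
        ts, account, _src, dst = row
        reasons = []
        # Remote connections only for personnel who need them.
        if account not in approved:
            reasons.append("remote access not approved")
        # Remote users should not have access to control elements.
        if account in control:
            reasons.append("remote account holds control rights")
        # Remote sessions into the ICS zone deserve dedicated monitoring.
        if ipaddress.ip_address(dst) in ics_zone:
            reasons.append("session reaches ICS zone")
        if reasons:
            findings.append({"time": ts, "account": account,
                             "dest": dst, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_vpn_sessions(SAMPLE_LOG):
        print(finding["time"], finding["account"], finding["dest"],
              "; ".join(finding["reasons"]))
```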
The possibility that a cyber attack could affect grid operations “is something the North American electric power sector has been preparing for over many years,” said the Electricity Subsector Coordinating Council in a February 2016 statement on the Ukraine incident. “These preparations include employing technologies and rigorous security standards, forging close partnerships to protect our systems and respond to incidents, and engaging in active information sharing about threats and vulnerabilities. It’s important to note that this comprehensive approach to security is the basis for our North American security posture.”
Tags: Cyber Security, Electric, NERC