Vt. utility not specifically targeted for hack, official says
BURLINGTON, Vt. — Federal investigators have found no information suggesting this city's electric utility was specifically targeted after Burlington officials found malicious software linked to Russian hackers on a department laptop, the utility's general manager said Saturday.
Evidence of Internet traffic associated with Grizzly Steppe, a notorious Russian distributor of malware, was disturbing but did not pose a threat to Burlington Electric Department's highly computerized grid or its customers, said Neale Lunderville, general manager of the city-owned utility.
The stealth software, isolated on the one laptop, was discovered Friday as part of ongoing routine vigilance. The Obama administration released the code Thursday to allow utilities to check for it.
Attacks on the nation's electrical grid are among several infrastructure attack scenarios that worry federal officials and cyber-security experts. Critical infrastructure systems often are run on older computer networks and often are difficult to protect.
Russia penetrated Vermont utility company computer
President-elect Donald Trump continued Saturday to question the possibility of Russian involvement in the malware, likening it to the intelligence agencies' insistence in the lead-up to the Iraq War that Iraq had weapons of mass destruction.
"I want them to be sure," Trump said to reporters at his Mar-a-Largo retreat in Palm Beach, Fla. "I know a lot about hacking. And hacking is a very hard thing to prove. So it could be somebody else."
Ukraine has accused Russia of hacking into its electrical utilities and turning off power to several regions. In Burlington, temperatures hovered around freezing Friday and Saturday and a slight amount of snow fell.
Could hackers knock out our power? It happened in Ukraine
The federal Department of Homeland Security alerts utilities frequently about potential cyber threats. And most utilities, including Burlington's, use computer systems for regulating the grid and billing customers that are not connected to the Internet, Lunderville said.
Burlington Electric Department has encountered viruses before, but none that warranted the present level of scrutiny, he said, adding that many details of the federal investigation remain confidential.
Detecting malware — which includes spyware, ransomware and self-replicating computer viruses — has become routine, said Randy Norris, a Colchester, Vt.-based Internet-security expert.
Sanctions mark rare window into cyberwar
"This happens every day," he said.
Ambitious malware coders, likely sponsored by the U.S. and Israel, were able to override controls at Iran's uranium-enrichment facilities about a decade ago, causing a great deal of damage. More commonly, malware hitchhikes on downloads from the Web, he said.
Businesses, agencies and utilities typically maintain a secure a technological separation between public and proprietary systems, Norris said.
That gap is in place at Burlington's electric utility, Lunderville said.
"And going forward, we will continue to monitor our systems closely in coordination with federal officials and remain ever vigilant," he said.
Think cyberthreats are bad now? They'll get worse in 2017 with 'spear phishing,' etc.
An official statement Saturday from the Burlington Electric Department condemned the media for jumping to report it.
"It's unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country." according to the statement, which also noted that the sort of suspicious Internet traffic the utility encountered has been observed elsewhere and is not unique to Burlington Electric.
It remained unclear Saturday whether the penetration in Burlington was an attempt to disrupt the utility or simply a test. The incident was the first widely publicized malware found on a utility's computer that was linked to Russian hackers.
Follow Joel Banner Baird on Twitter: @VTgoingUp