Symantec Proves Russian



Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

 

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

 

An October 2017 report by researchers at Symantec Corp., cited by the U.S. government, linked recent US power grid cyber attacks to a group of hackers it had code-named “Dragonfly”, and said it found evidence that critical infrastructure facilities in Turkey and Switzerland had also been breached.

The Symantec researchers said an earlier wave of attacks by the same group, starting in 2011, was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, could leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.


While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago, and they lack the digital control systems that hackers could exploit.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he said.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,” he said.


In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory and building web shells to gain command and control of targeted systems.

“This actor’s campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers.

Related News

After alert on Russian hacking, a renewed focus on protecting U.S. power grid

U.S. Power Grid Cybersecurity combats DHS-FBI flagged threats to energy infrastructure, with PJM Interconnection using ICS/SCADA segmentation, phishing defenses, incident response, and resilience exercises against Russia-linked attacks and pipeline intrusions.

 

Key Points

Strategies, controls, and training that protect U.S. electric infrastructure from cyber threats and disruptions.

✅ ICS/SCADA network segmentation and zero-trust architecture

✅ Employee phishing drills and incident response playbooks

✅ DOE-led grid exercises and threat intelligence sharing

 

The joint alert from the FBI and Department of Homeland Security last month warning that Russia was hacking into critical U.S. energy infrastructure came as no surprise to the nation’s largest grid operator, PJM Interconnection.

“You will never stop people from trying to get into your systems. That isn’t even something we try to do,” said PJM Chief Information Officer Tom O’Brien. “People will always try to get into your systems. The question is, what controls do you have to not allow them to penetrate? And how do you respond in the event they actually do get into your system?”

PJM is the regional transmission organization for 65 million people, covering 13 states, including Pennsylvania, and Washington D.C.

On a rainy day in early April, about 10 people were working inside PJM’s main control center, outside Philadelphia, closely monitoring floor-to-ceiling digital displays showing real-time information from the electric power sector throughout PJM’s territory in the mid-Atlantic and parts of the midwest, amid reports that hackers accessed control rooms at U.S. utilities.


Donnie Bielak, a reliability engineering manager, was overseeing things from his office, perched one floor up.

“This is a very large, orchestrated effort that goes unnoticed most of the time,” Bielak said. “That’s a good thing.”

But the industry certainly did take notice in late 2015 and early 2016, when hackers successfully disrupted power to the Ukrainian grid. The outages lasted a few hours and affected about 225,000 customers. It was the first publicly known case of a cyber attack causing major disruptions to a power grid. It was widely blamed on Russia.

One of the many lessons of the Ukraine attacks was a reminder to people who work on critical infrastructure to keep an eye out for odd communications.

“A very large percentage of entry points to attacks are coming through emails,” O’Brien said. “That’s why PJM, as well as many others, have aggressive phishing campaigns. We’re training our employees.”

O’Brien doesn’t want to get into specifics about how PJM deals with cyber threats. But one common way to limit exposure is by having separate systems: For example, industrial controls in a power plant are not connected to corporate business networks, a separation underscored after breaches at U.S. power plants prompted reviews across the sector.

Since 2011, North American grid operators and government agencies have also held large security exercises every two years. Thousands of people practice how they’d respond to a coordinated physical or cyber event, including the rising number of substation attacks that highlight resilience gaps.

So far, nothing like that has happened in the U.S. It’s possible, but not likely, according to Robert M. Lee, a former military intelligence analyst, who runs the industrial cybersecurity firm Dragos.

“The more complex the system, the harder it is to have a scalable attack,” said Lee, who co-authored a report analyzing the Ukraine attacks. “If you wanted to take out a power generation station, that isn’t the most complex thing. Let’s say you cause an hour of outage. But now you want to cause two months of outages? That’s an exponential increase in effort required.”

For example, he said, it would be very difficult for hackers to knock out power to the entire East Coast for a long time. But briefly disrupting a major city is easier. That’s the sort of thing that keeps him up at night.

“I worry about an adversary getting into, maybe, Washington D.C.’s portion of the grid, taking down power for 30 minutes,” he said.

The Department of Energy is creating a new office focused on cybersecurity and emergency response, following the U.S. government’s condemnation of power grid hacking by Russia.

Deterrence may be one reason why there has not yet been a major attack on the U.S. grid, said John MacWilliams, a former senior DOE official who’s now a fellow at Columbia University’s Center on Global Energy Policy.

“That’s obviously an act of war,” he said. “We have the capability of responding either through cyber mechanisms or kinetic military.”

In the meantime, small-scale incidents keep happening.

This spring, another cyber attack targeted natural gas pipelines. Four companies shut down their computer systems, just in case, but they say no service was disrupted.


Electricity sales in the U.S. actually dropped over the past 7 years

US Electricity Sales Decline amid population growth and GDP gains, as DOE links reduced per capita consumption to energy efficiency, warmer winters, appliances, and bulbs, while hotter summers and rising AC demand may offset savings.

 

Key Points

US electricity sales fell 3% since 2010 despite population and GDP growth, driven by efficiency gains and warmer winters.

✅ DOE links drops to efficiency and warmer winters

✅ Per capita residential use fell about 7% since 2010

✅ Rising AC demand may offset winter heating savings

 

Since 2010, the United States has grown by 17 million people, and the gross domestic product (GDP) has increased by $3.6 trillion. Yet in that same time span, electricity sales in the United States actually declined by 3%, according to data released by the U.S. Department of Energy (DOE), even as electricity prices rose at a 41-year pace nationwide.

The U.S. decline in electricity sales is remarkable given that the U.S. population increased by 5.8% in that same time span. This means that per capita electricity use fell even more than that; indeed, the Department of Energy pegs residential electricity sales per capita as having declined by 7%, even as inflation-adjusted residential bills rose 5% in 2022 nationwide.

There are likely multiple reasons for this decline in electricity sales. Department of Energy analysts suggest that, at least in part, it is due to increased adoption of energy-efficient appliances and bulbs, like compact fluorescents. Indeed, the DOE notes that there is a correlation between consumer spending on “energy efficiency” and a reduction in per capita electricity sales, while utilities invest more in delivery infrastructure to modernize the grid.

Yet the DOE also notes that states with a greater increase in warm weather days had a corresponding decrease in electricity sales, as milder weather can reduce power demand across years. In southern states, the effect was most dramatic: for instance, from 2010 to 2016, Florida had a 56% decrease in cold weather days that would require heating and as a result, saw a 9% decrease in per capita electricity sales.

The moral is that warm winters save on electricity. But if global temperatures continue to rise, and summers become hotter too, this decrease in winter heating spending may be offset by the increased need to run air conditioning in the summer, and given how electricity and natural gas prices interact, overall energy costs could shift. Indeed, it takes far more energy to cool a room than it does to heat it, for reasons related to the basic laws of thermodynamics.


Dewa in China to woo renewable energy firms

Dewa-China Renewable Energy Partnership advances solar, clean energy, smart grid, 5G, cloud, and Big Data, linking Dewa with Hanergy and Huawei for R&D, smart meters, demand management, and resilient network infrastructure.

 

Key Points

A Dewa collaboration with Hanergy and Huawei to co-develop solar, smart grid, 5G, cloud, and resilient utility networks.

✅ MoU expands solar PV and distributed generation in Dubai and China

✅ Smart grid R&D: smart meters, demand response, self-healing networks

✅ 5G, cloud, and Big Data enable secure, scalable smart city services

 

A high-level delegation from Dubai Electricity and Water Authority (Dewa) recently visited China in a bid to build closer ties with Chinese renewable and clean energy, smart services and smart grid companies, amid broader power grid modernization trends in Asia.

The team, led by managing director and CEO Saeed Mohammed Al Tayer, visited the Beijing headquarters of Hanergy Holding Group, one of the largest international companies in alternative and renewable energy.

The visit complements the co-operation between Dewa and Hanergy following the signing of an MoU between the two sides last May, said a statement from Dewa.

The two parties focused on renewable and clean energy and its development, including efforts to integrate solar into the grid through advanced programs, and enhancing opportunities for joint investment.

Al Tayer also visited the Exhibition Hall and Exhibition Centre of the Hanergy Clean Energy Exhibition spread over a 7,000-sq-m area at the Beijing Olympic Park.

He discussed solar power technologies and applications, which included integrated photovoltaic panels and their distribution on the roofs of industrial and residential buildings, residential and mobile power systems, micro-grid installations in remote regions, solar-powered vehicles, and various elements of the exhibition.

Al Tayer and the accompanying delegation later visited the Beijing R&D Centre, one of Huawei's largest research institutes, known for Huawei's smart grid initiatives across global markets, which employs over 12,000 people. The centre covers the latest pre-5G solutions, Cloud, Big Data, as well as vertical solutions for a smart and safe city.

"The visit is part of a joint venture with Huawei, which includes R&D projects to develop smart network infrastructures and various mechanisms and technologies, aligned with recent U.S. grid improvement funding initiatives, such as smart meters for electricity and water services, energy demand management, and self-recovery mechanisms from errors and disasters," he added.


Windstorm Causes Significant Power Outages

Vancouver October 2024 Windstorm brought extreme weather to British Columbia, causing power outages, storm damage, and downed lines as BC Hydro crews led emergency response and restoration, highlighting climate change resilience and community preparedness.

 

Key Points

A severe storm with 100 km/h gusts that caused outages and damage in Vancouver, prompting wide power restoration.

✅ 100 km/h gusts toppled trees and downed power lines

✅ Over 200,000 BC Hydro customers lost electricity

✅ Crews and communities coordinated emergency response

 

In October 2024, a powerful windstorm swept through the Vancouver area, resulting in widespread power outages and disruption across the region. The storm, characterized by fierce winds and heavy rainfall, reflected conditions seen when strong winds in the Miami Valley knocked out power earlier this year, and was part of a larger weather pattern that affected much of British Columbia. Residents braced for the impacts, with local authorities and utility companies preparing for the worst.

The Storm's Impact

The windstorm hit Vancouver with wind gusts exceeding 100 km/h, toppling trees, and downing power lines. As the storm progressed, reports of damaged properties and fallen trees began to flood in. Many neighborhoods experienced significant power outages, mirroring widespread outages in Quebec earlier in the season, with thousands of residents left without electricity for extended periods. The areas hardest hit included the West End, Kitsilano, and parts of the North Shore, where the impact of the storm was particularly severe.

Utility companies, including BC Hydro, mobilized their crews quickly in response to the storm's aftermath. Emergency response teams worked tirelessly to restore power, often facing challenging conditions. The restoration efforts were complicated by the sheer number of outages reported: over 200,000 customers were affected at the height of the storm. Crews encountered not only downed lines but also hazardous conditions as they navigated through debris-laden streets.

Community Response and Resilience

In the wake of the storm, the community showcased remarkable resilience. Local residents rallied together to assist one another, sharing resources and providing support to those most affected. Many community centers opened their doors as emergency shelters, offering warmth and safety to those without power, a step also taken when a London power outage disrupted mornings for thousands across the city.

Authorities also emphasized the importance of preparedness in such situations. They urged residents to have emergency kits ready, including food, water, and essential supplies, noting that nearby areas like North Seattle can face sudden outages with little warning. Local officials highlighted the value of staying informed through weather updates and alerts, allowing residents to make informed decisions during extreme weather events.

The Role of Climate Change

The October windstorm serves as a stark reminder of the increasing frequency and intensity of extreme weather events, a trend often linked to climate change. Experts have noted that rising global temperatures are contributing to more severe weather patterns, including stronger storms and increased Toronto flooding events. As cities like Vancouver face the reality of climate change, discussions about infrastructure resilience and adaptation strategies have gained urgency.

City planners and environmental advocates are pushing for initiatives that enhance the city's ability to withstand extreme weather. This includes improving stormwater management systems, increasing green spaces to absorb rainfall, and investing in renewable energy sources. By addressing these challenges proactively, Vancouver aims to mitigate the impacts of future storms and protect its residents.

Moving Forward

As recovery efforts continue, the focus now shifts to restoring normalcy and preparing for future weather events. Residents are encouraged to report any ongoing outages or hazards to local authorities and to stay updated through reliable news sources. BC Hydro and other utility companies are committed to transparency, providing regular updates on power restoration efforts, even as outages can persist for days as seen in Toronto after a spring storm.

The October 2024 windstorm will be remembered not only for its immediate impacts but also as a catalyst for discussions on resilience and community preparedness. As Vancouver looks ahead, the lessons learned from this storm will shape strategies for better handling extreme weather, ensuring that the city is equipped to face the challenges posed by a changing climate.

In conclusion, while the windstorm caused significant disruption and hardship for many, it also highlighted the strength of community spirit and the importance of proactive planning in the face of climate challenges. Vancouver's response and recovery will be crucial in building a more resilient future for all its residents.


Hydro One wants to spend another $6-million to redesign bills

Hydro One Bill Redesign Spending sparks debate over Ontario Energy Board regulation, rate applications, privatization, and digital billing upgrades, as surveys cite confusing invoices under the Fair Hydro Plan for residential, commercial, and industrial customers.

 

Key Points

$15M project to simplify Hydro One bills, upgrade systems, and improve digital billing for commercial customers.

✅ $9M spent; $6M proposed for C&I and large-account changes.

✅ OEB to rule amid rate application and privatization scrutiny.

✅ Survey: 40% of customers struggled to understand bills.

 

Ontario's largest and recently privatized electricity utility has spent $9-million to redesign bills and is proposing to spend an additional $6-million on the project.

Hydro One has come under fire for spending since the Liberal government sold more than half of the company, notably for its CEO's $4.5-million pay.

Now, the NDP is raising concerns with the $15-million bill redesign expense contained in a rate application from the formerly public utility.

"I don't think the problem we face is a bill that people can't understand, I think the problem is rates that are too high," said energy critic Peter Tabuns. "Fifteen million dollars seems awfully expensive to me."

But Hydro One says a 2016 survey of its customers indicated about 40 per cent had trouble understanding their bills.

Ferio Pugliese, the company's executive vice-president of customer care and corporate affairs, said the redesign was aimed at giving customers a simpler bill.

"The new format is a format that when tested and put in front of our customers has been designed to give customers the four or five salient items they want to see on their bill," he said.

About $9-million has already gone into redesigning bills, mostly for residential customers, Pugliese said. Cosmetic changes to bills account for about 25 per cent of the cost, with the rest of the money going toward updating information systems and improving digital billing platforms, he said.

The additional $6-million Hydro One is looking to spend would go toward bill changes mostly for its commercial, industrial and large distribution account customers.

Energy Minister Glenn Thibeault noted in a statement that the Ontario Energy Board has yet to decide on the expense, but he suggested he sees the bill redesign as necessary alongside legislation to lower electricity rates introduced by the province.

"With Ontarians wanting clearer bills that are easier to understand, Hydro One's bill redesign project is a necessary improvement that will help customers," he wrote.

"Reductions from the Fair Hydro Plan (the government's 25 per cent cut to bills last year) are important information for both households and businesses, and it's our job to provide clear, helpful answers whenever possible."

The OEB recently ordered Hydro One to lower a rate increase it had been seeking for this year to 0.2 per cent down from 4.8 per cent.

The regulator also rejected a Hydro One proposal to give shareholders all of the tax savings generated by the IPO in 2015 when the Liberal government first began partially privatizing the utility. The OEB instead mandated shareholders receive 62 per cent of the savings while ratepayers receive the remaining 38 per cent.


Kaspersky Lab Discovers Russian Hacker Infrastructure

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

 

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

 

A hacker collective known for attacking industrial companies around the world has had some of its infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid, for the main purpose of stealing valuable data from victim systems.

 

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.


Kaspersky Lab said that the servers the group has compromised are not limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.
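A defender's check for the injection just described, added here as an example (not code from the article or from Kaspersky Lab): it parses a page's HTML and flags every script, iframe, meta refresh or inline JavaScript redirect that would send visitors to a host outside the site's own allowlist. The site host names, the sample HTML and the attacker domains are constructed for illustration.

```python
"""Flag injected redirects in a web page, the footprint a watering-hole
compromise leaves behind.

Added example, not from the article or from Kaspersky Lab.  Given a page's
HTML and the hosts the site legitimately loads content from, report every
automatically followed reference (script src, iframe src, meta refresh,
inline JS location assignment) that points somewhere else.  All host names
and the sample page below are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Rough triage pattern for inline JavaScript that sends the visitor away.
_JS_REDIRECT = re.compile(
    r"(?:window\.)?location(?:\.href)?\s*=\s*[\"'](https?://[^\"']+)[\"']",
    re.IGNORECASE,
)
# Extracts the target URL from a <meta http-equiv="refresh"> content value.
_META_REFRESH = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.IGNORECASE)


class _RefCollector(HTMLParser):
    """Collect every outbound reference the browser would follow on its own."""

    def __init__(self):
        super().__init__()
        self.refs = []           # list of (kind, url)
        self._in_script = False  # True while inside a <script> body

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)          # HTMLParser lowercases tag and attribute names
        if tag == "script":
            self._in_script = True
            if a.get("src"):
                self.refs.append(("script", a["src"]))
        elif tag == "iframe" and a.get("src"):
            self.refs.append(("iframe", a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = _META_REFRESH.search(a.get("content") or "")
            if m:
                self.refs.append(("meta-refresh", m.group(1).strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here verbatim; look for location assignments.
        if self._in_script:
            for url in _JS_REDIRECT.findall(data):
                self.refs.append(("js-redirect", url))


def find_suspicious_refs(html, allowed_hosts):
    """Return (kind, url) for each automatic reference whose host is not allowed.

    Relative URLs have no host, stay on the site, and are not reported.
    """
    parser = _RefCollector()
    parser.feed(html)
    parser.close()
    allowed = {h.lower() for h in allowed_hosts}
    return [
        (kind, url)
        for kind, url in parser.refs
        if (urlparse(url).hostname or "").lower() not in allowed
        and urlparse(url).hostname
    ]


# Constructed sample page: legitimate first-party assets plus three injected
# references (a meta refresh, a third-party script, and an inline JS redirect
# that only fires for Windows visitors).
SAMPLE_HTML = """
<html><head>
<meta http-equiv="refresh" content="5; url=http://cdn.example-attacker.invalid/landing">
<script src="/static/app.js"></script>
<script src="https://static.energy-site.example/lib.js"></script>
<script src="http://203.0.113.7/jquery.min.js"></script>
</head><body>
<iframe src="https://widgets.energy-site.example/weather"></iframe>
<script>if (navigator.platform.indexOf("Win") >= 0) {
  window.location.href = "http://update.example-attacker.invalid/"; }</script>
</body></html>
"""

# Hosts this (constructed) site is expected to load content from.
ALLOWED_HOSTS = {"static.energy-site.example", "widgets.energy-site.example"}

if __name__ == "__main__":
    for kind, url in find_suspicious_refs(SAMPLE_HTML, ALLOWED_HOSTS):
        print(f"{kind:12s} {url}")
```

Run it against a saved copy of each page on a periodic basis and diff the output against the previous run; a new entry is the signal to investigate, whatever the destination host looks like.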

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.”

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

 

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014, CrowdStrike claimed that the ‘Energetic Bear’ group, also tracked in Symantec's Dragonfly research, had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants underscoring the campaign, and that there was evidence these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.
