Ontario looks to build on electricity deal with Quebec

Puerto Rico Microgrid Regulations outline renewable energy, CHP, and storage standards, enabling islanded systems, PREPA interconnection, excess energy sales, and IRP alignment to boost resilience, distributed resources, and community power across the recovering grid.

Key Points

Rules defining microgrids, requiring 75 percent renewables or CHP, and setting interconnection and PREPA fee frameworks.

✅ 75 percent renewables or CHP; hybrids allowed

✅ Registration, engineer inspection, and annual generation reports

✅ PREPA interconnection fees; excess energy sales permitted

The Puerto Rico Energy Commission unveiled 29 pages of proposed regulations last week for future microgrid installations on the island.

The regulations, which are now open for 30 days of public comment, synthesized pages of responses received after a November 10 call for recommendations. Commission chair José Román Morales said it’s the most interest the not-yet four-year-old commission has received during a public rulemaking process.

The goal was to sketch a clearer outline for a tricky-to-define concept -- the term "microgrid" can refer to many types of generation islanded from the central grid -- as climate pressures on the U.S. grid mount and more developers eye installations on the recovering island.

“There’s not a standard definition of what a microgrid is, not even on the mainland,” said Román Morales.

According to the commission's regulation, “a microgrid shall consist, at a minimum, of generation assets, loads and distribution infrastructure. Microgrids shall include sufficient generation, storage assets and advanced distribution technologies, including advanced inverters, to serve load under normal operating and usage conditions.”

All microgrids must be renewable (with at least 75 percent of power from clean energy), combined heat and power (CHP) or hybrid CHP-and-renewable systems. The regulation applies to microgrids controlled and owned by individuals, customer cooperatives, nonprofit and for-profit companies, and cities, but not those owned by the Puerto Rico Electric Power Authority (PREPA). Owners must submit a registration application for approval, including a certification of inspection from a licensed electric engineer, and an annual fuel, generation and sales report that details generation and fuel source, as well as any change in the number of customers served.

Microgrids, like the SDG&E microgrid in Ramona in California, can interconnect with the PREPA system, but if a microgrid will use PREPA infrastructure, owners will incur a monthly fee. That amounts to $25 per customer up to a cap of $250 per month for small cooperative microgrids. The cost for larger systems is calculated using a separate, more complex equation. Operators can also sell excess energy back to PREPA.

Big goals for the island's future grid

In total, 53 groups and companies, including Sunnova, AES, the Puerto Rico Solar Energy Industries Association (PR-SEIA), the Advanced Energy Management Alliance (AEMA), and the New York Smart Grid Consortium, submitted their thoughts about microgrids or, in many cases, broader goals for the island’s future energy system. It was a quick turnaround: The Puerto Rico Energy Commission offered a window of just 10 days to submit advice, although the commission continued to accept comments after the deadline.

“PREC wanted the input as fast as possible because of the urgency,” said AES CEO Chris Shelton.

AES’ plan includes a network of “mini-grids” that could range in size from several megawatts to one large enough to service the entire city of San Juan.

“The idea is, you connect those to each other with transmission so they can have a co-optimized portfolio effect and lower the overall cost,” said Shelton. “But they would be largely autonomous in a situation where the tie-lines between them were broken.”

According to estimates provided in AES’ filing, utility-scale solar installations over 50 megawatts on the island could cost between $40 and $50 per megawatt-hour. Those prices make solar located near load centers an economic alternative to the island’s fossil-fuel generating plants. The utility’s analysis showed that a 10,000-megawatt solar system could replace 12,000 gigawatt-hours of fossil generation, with 25 gigawatt-hours of battery storage leveling out load throughout the day. Puerto Rico’s peak load is 3,000 megawatts.

In other filings, PR-SEIA urged a restructuring of FEMA funds so they’re available for microgrid development. GridWise Alliance wrote that plans should consider cybersecurity, and AEMA recommended the commission develop an integrated resource plan (IRP) that includes distributed energy resources, microgrids and non-wires alternatives.

An air of optimism, though 1.5 million are still without power

After the commission completes the microgrid rulemaking, a new IRP is next on the commission’s to-do list. PREPA must file that plan in July, and regulators are working furiously to make sure it incorporates the recent flood of rebuilding recommendations from the energy industry.

Though the commission has the final say when it comes to approval of the plan, PREPA will lead the IRP process. The utility’s newly formed Transformation Advisory Council (TAC), a group of 11 energy experts, will contribute.

With that group, along with New York’s Resiliency Working Group, lessons from California's grid transition, the Energy Commission, the utility itself, and the dozens of other clean energy experts and entrepreneurs who want to offer their two cents, the energy planning process has a lot of moving parts. But according to Julia Hamm, CEO of the Smart Electric Power Alliance and a member of both the Energy Resiliency Working Group and the TAC, those working to establish standards for Puerto Rico’s future are hitting their stride.

“Certainly over the past three months, it has been a bit of a challenge to ensure that everybody has been coordinating efforts. Just over the past couple of weeks, we’ve seen some good progress on that front. We’re starting to see a lot more communication,” she said, adding that an air of optimism has settled on the process. “The key stakeholders all have a very common vision for Puerto Rico when it comes to the power sector.”

Nisha Desai, a PREPA board member who is liaising with the TAC, affirmed that collaborators are on the same page. “Everyone is violently in agreement that the future of Puerto Rico involves renewables, microgrids and distributed generation,” she said.

The TAC will hold its first in-person meeting in mid-January, and has already consulted with the utility on its formal fiscal plan submission, due January 10.

Though many taking part in the process feel the once-harried recovery is beginning to adopt a more organized approach, Desai acknowledges that “there are a lot of people in Puerto Rico who feel forgotten.”

Puerto Rico’s current generation sits at just 72.6 percent, in a nation facing longer, more frequent outages due to extreme weather. The government recently offered its first estimate that about half the island, 1.5 million residents, remains without power.

In late December and into January, 1,500 more crewmembers from 18 utilities in states as far flung as Minnesota, Missouri and Arizona will land on the island to aid further restoration through mutual aid agreements.

“The system is getting up to speed, getting to 100 percent, but there’s still some instability,” said Román Morales. “Right now it’s a matter of time.”

Related News

• Electricity Forum News

• Grid Technologies News

Australian Rooftop Solar Grid Constraints are driving debates over voltage rise, export limits, inverter curtailment, DER integration, and network reliability, amid concerns about localized blackouts, infrastructure protection, tariff reform, and battery storage adoption.

Key Points

Limits on solar exports to curb voltage rise, protect equipment, and keep the distribution grid reliable.

✅ Voltage rise triggers transformer protection and local outages.

✅ Export limits and smart inverter curtailment manage midday backfeed.

✅ Tariff reform and DER orchestration defer costly network upgrades.

With almost 1.8 million Australian homes and businesses relying on power from rooftop solar panels, there is a fight brewing over the impact of solar energy on the national electricity grid.

Electricity distributors are warning that as solar uptake continues to increase, there is a risk excess solar power could flow into the network, elevating power outage risks, causing blackouts and damaging infrastructure.

But is it the network businesses that are actually at risk, as customers turn away from centrally produced electricity?

This is what three different parties have to say:

Andrew Dillon of the network industry peak body, Energy Networks Australia (ENA), told 7.30 the way customers are charged for electricity has to change, or expensive grid upgrades to poles and wires will be needed to keep solar customers on the grid.

"The engineering reality is once we get too much solar in a certain space it does start to cause technical issues," he said.

"If there is too much energy coming back up the system in the middle of the day, it can cause frequency voltage disturbances in the system, which can lead to transformers tripping off to protect themselves from being damaged and that will cause localised blackouts.

"There are pockets of the grid already where we have significant penetration and we are starting to see technical issues."

However, he acknowledges that excess solar power has yet to cause any blackouts, or damage electricity infrastructure.

"I don't buy that at all," he said.

"It can be that in some suburbs or parts of suburbs a high penetration of solar on the point of use can raise voltage, these issues generally can be dealt with quickly.

"The critical issue is think where you are getting that perspective from. It is from an industry whose underlying market is threatened by customers doing it for themselves through peer-to-peer energy models. So, think with some critical insight to these claims."

He said when too many people rely on solar it threatens the very business model of the companies that own Australia's poles and wires.

"When the customers use the network less to buy centrally produced electricity, they ship less product," he said.

"When they ship less product, their underlying business is undermined, they need to charge more to the customers left and that leads to what has been called a death spiral.

"We are seeing rapid reductions in consumption at the point of use per household."

But Mr Dillon denies the distributors are acting out of self-interest.

"I absolutely reject that claim," he said.

"[What] we, as networks, have an interest in is running a safe network, running a reliable network, enabling the transition to a low carbon future and doing all that while keeping costs down as much as possible."

Solar installers say the networks are holding back business

Around Australia the poles and wires companies can decide which solar systems can connect to the grid.

Small systems can connect automatically, but in some areas, those wanting a larger system can find themselves caught up in red tape.

The vice-president of the Australian Solar Council, Glen Morris, said these limitations were holding back solar installation businesses and preventing the take-up of new battery storage technology.

"If you've already got a five kilowatt system, your house is full as far as the network is concerned," Mr Morris said.

"You go to add a battery, that's another five kilowatts and so they say no you're already full … so you can't add storage to your solar system."

The powers that be are stumbling in the dark to prevent a looming energy crisis, as the grid seeks to balance renewables' hidden challenges and competing demands.

Mr Morris also said the networks had the capacity to solve the problem of any excess solar flows into the grid, and infrastructure upgrades were not necessary.

"They already have the capability to turn off your solar invertor whenever they feel like it," he said.

"If they choose to connect that functionality, it's there in the inverter. The customer already has it."

ENA has acknowledged there is frustration with rooftop system size limits in the solar industry.

"What we are seeing is solar installers and others slightly frustrated at different requirements for different networks and sometimes they are unclear on the reasons for that," Mr Dillon said.

"Limitations are in place across the country to keep the lights on and make sure the network stays safe and we don't have sudden rushes of people connecting to the grid that causes outage issues."

But Mr Mountain is unconvinced, calling the limitations "somewhat spurious".

"The published, documented, critically reviewed analyses are few and far between, so it is very easy for engineers to make these arguments and those in policy circles only have so much tolerance for the detail," he said.

Related News

• Electricity Forum News

• Renewable Energy News

French Antitrust Fines for Electrical Cartel expose price fixing by Schneider Electric, Legrand, Rexel, and Sonepar, after a Competition Authority probe into electrical distribution, collusion, and compliance breaches impacting market competition and customers.

Key Points

Penalties on Schneider Electric, Legrand, Rexel, and Sonepar for electrical price fixing, upholding competition law.

✅ Competition Authority fined four major suppliers.

✅ Collusion raised prices across construction and industry.

✅ Firms bolster compliance programs and training.

In a significant crackdown on corporate malfeasance, French authorities have imposed hefty fines on four major electrical equipment companies—Schneider Electric, Legrand, Rexel, and Sonepar—after concluding a price-fixing investigation. The total fines amount to approximately €500 million, underscoring the seriousness with which regulators are addressing anti-competitive practices in the electrical distribution sector, even as France advances a new electricity pricing scheme to address EU concerns.

Background of the Investigation

The probe, initiated by France’s Competition Authority, sought to uncover collusion among these leading firms regarding the pricing of electrical equipment and services between 2005 and 2012. This investigation is part of a broader initiative to promote fair competition within the market, as Europe prepares to revamp its electricity market to bolster transparency, ensuring that consumers and businesses alike benefit from competitive pricing and innovative products.

The inquiry revealed that these companies had engaged in illicit agreements to fix prices and coordinate their market strategies, limiting competition in a sector critical to both the economy and infrastructure. The findings indicated that the collusion not only stifled competition but also led to inflated prices for customers, illustrating why rolling back electricity prices is often more complex than it appears for customers across various sectors, from construction to manufacturing.

The Fines Imposed

Following the conclusion of the investigation, the fines levied against the companies were substantial. Schneider Electric faced the largest penalty, receiving a fine of €220 million, while Legrand was fined €150 million. Rexel and Sonepar were each fined €70 million and €50 million, respectively. These financial penalties serve as a deterrent to other companies that might consider engaging in similar practices, reinforcing the message that anti-competitive behavior will not be tolerated.

The fines are particularly significant given the size and influence of these companies within the electrical equipment market. Their combined revenues amount to billions of euros annually, making the repercussions of their actions far-reaching. As major players in the industry, their pricing strategies have a direct impact on numerous sectors, from residential construction to large-scale industrial projects.

Industry Reactions

The response from the affected companies has varied. Schneider Electric expressed its commitment to compliance and transparency, acknowledging the importance of adhering to competition laws, amid ongoing EU electricity reform debates that influence market expectations.

Legrand also emphasized its commitment to fair competition, noting that it has taken steps to enhance its compliance framework in response to the investigation. Rexel and Sonepar similarly reaffirmed their dedication to ethical business practices and their intention to cooperate with regulators in the future.

Industry experts have pointed out that these fines, while significant, may not be enough to deter large corporations from engaging in similar behavior unless accompanied by a broader cultural shift within the industry. There is a growing call for enhanced oversight and stricter penalties to ensure that companies prioritize ethical conduct over short-term profits.

Implications for the Market

The fines imposed on Schneider, Legrand, Rexel, and Sonepar could have broader implications for the electrical equipment market and beyond. They signal to other companies within the sector that regulatory bodies are vigilant, even as nine EU countries oppose electricity market reforms proposed as fixes for price spikes, and willing to take decisive action against anti-competitive practices. This could foster a more competitive environment, ultimately benefiting consumers through better prices and enhanced product offerings.

Moreover, the case highlights the importance of regulatory bodies in maintaining fair market conditions. As industries evolve, ongoing vigilance from competition authorities will be necessary to prevent similar instances of collusion and ensure that markets remain competitive and innovative, as seen when New York opened a formal review of retail energy markets.

The recent fines imposed on Schneider Electric, Legrand, Rexel, and Sonepar mark a significant moment in France's ongoing battle against corporate price-fixing and anti-competitive practices, occurring as the government and EDF reached a deal on electricity prices to balance market pressures. With total penalties exceeding €500 million, the investigation underscores the commitment of French authorities to uphold market integrity and protect consumer interests.

As the industry reflects on these developments, it remains crucial for companies to prioritize compliance and ethical business practices. The ultimate goal is to create an environment where competition thrives, innovation flourishes, and consumers benefit from fair pricing. This case serves as a reminder that transparency and accountability are vital in maintaining the health of any market, particularly one as essential as the electrical equipment sector.

Related News

• Electricity Forum News

• Energy Policy News

Site C Dam Electricity Demand underscores B.C.'s decarbonization path, enabling electrification of EVs, heat pumps, and industry, aligning with BC Hydro forecasts and 2030/2050 GHG targets to supply dependable, renewable baseload power.

Key Points

Projected clean power tied to Site C, driven by B.C. electrification to meet 2030 and 2050 greenhouse gas targets.

✅ Aligns with 25-30% by 2030 and 55-70% by 2050 GHG cuts

✅ Supports EVs, heat pumps, and industrial electrification

✅ Provides dependable baseload alongside efficiency gains

There are valid reasons not to build the Site C dam. There are also valid reasons to build it. One of the latter is the rapid increase in clean electricity needed to reduce B.C.’s greenhouse gas emissions from burning natural gas, gasoline, diesel and other harmful fossil fuel products.

Although former Premier Christy Clark casually avoided near-term emissions targets, Prime Minister Justin Trudeau has set Canadian targets for both 2030 and 2050, and cleaning up Canada's electricity is critical to meeting them. Studies by my research group at Simon Fraser University and other independent analysts show that B.C.’s cost-effective contribution to these national targets requires us to reduce our emissions 25 to 30 per cent by 2030 and 55 to 70 per cent by 2050 — an energy evolution involving, among other things, a much greater use of electricity in buildings, vehicles and industry.

Recent submissions to the Site C hearing have offered widely different estimates of B.C.’s electricity demand in the decade after the project’s completion in 2025, some arguing the dam’s output will be completely surplus to domestic need for years and perhaps decades, even though improved B.C.-Alberta grid links could help balance regional demand. Some of this variation in demand forecasts is understandable. Industrial demand is especially difficult to predict, dependent as it is on global economic conditions and shifting trade relations. And there are legitimate uncertainties about B.C. Hydro’s ability to reduce electricity demand by promoting efficient products and behaviour through its Power Smart program. But some of the forecasts appear to be deliberate exaggerations, designed to support fixed positions for or against Site C.

Our university-based research team models the energy system changes required to meet national and provincial emissions targets, and we have been comparing estimates of the electricity demand implications. These estimates are produced by academics, as well as by key institutions like B.C. Hydro, the National Energy Board, and the governments of Canada and B.C.

Most electricity forecasts for B.C., including the most recent by B.C. Hydro, do not assume that B.C. reduces its greenhouse gas emissions by 25 to 30 per cent by 2030 and 55 to 70 per cent by 2050. When we adjust Hydro’s forecast for just the low end of these targets, we find that in its latest, August 30, submission to the Site C hearing, which followed the premier’s over-budget go-ahead on the project, Hydro has underestimated the demand for its electricity by about three terawatt-hours in 2025, four in 2030 and 10 in 2035. Hydro’s forecast indicates that it will need the five terawatt-hours from Site C. Our research shows that even if Hydro’s demand forecast is too high, appropriate climate policy nationally and in B.C. will absorb all the electricity the dam can produce soon after its completion.

B.C. Hydro does not forecast electricity demand to 2050. But, studies by us and others show that B.C. electricity demand will be almost double today’s levels if we are to reduce emissions by 55 to 70 per cent, even amid a documented risk of missing the 2050 target, in just over three decades while our population, economy, buildings and equipment grow significantly. Most mid- and small-sized vehicles will be electric. Most buildings will be well insulated and heated by electric resistance or electric heat-pumps, either individually or via district heating systems. And many low temperature industrial applications will be electric.

Aggressive efforts to promote energy efficiency will make an important contribution, such that energy demand will not grow nearly as fast as the economy. But it is delusional to think that humans will stop using energy. Even climate policy scenarios in which we assume unprecedented success with energy efficiency show dramatic increases in the consumption of electricity, this being the most favoured zero-emission form of energy as a replacement for planet-destroying gasoline and natural gas.

The completion of the Site C dam is a complicated and challenging societal choice, and delay-related cost risks highlighted by the premier underscore the stakes. There is unbiased evidence and argument supporting either completion or cancellation. But let’s stick to the unbiased evidence. In the case of our 2030 and 2050 greenhouse gas reduction targets, such evidence shows that we must substantially increase our generation of dependable electricity. If the Site C dam is built, and if we are true to our climate goals, all its electricity will be used in B.C. soon after completion.

Mark Jaccard is a professor of sustainable energy in the School of Resource and Environmental Management at Simon Fraser University.

Related News

• Electricity Forum News

• Climate Change News

Russian Cyberattacks on U.S. Critical Infrastructure target energy grids, nuclear plants, water systems, and aviation, DHS and FBI warn, using spear phishing, malware, and ICS/SCADA intrusion to gain footholds for potential sabotage and disruption.

Key Points

State-backed hacks targeting U.S. energy, nuclear, water and aviation via phishing and ICS access for sabotage.

✅ DHS and FBI detail multi-stage intrusion since 2016

✅ Targets include energy, nuclear, water, aviation, manufacturing

✅ TTPs: spear phishing, lateral movement, ICS reconnaissance

Russia is attacking the U.S. energy grid, with reported power plant breaches unfolding alongside attacks on nuclear facilities, water processing plants, aviation systems, and other critical infrastructure that millions of Americans rely on, according to a new joint analysis by the FBI and the Department of Homeland Security.

In an unprecedented alert, the US Department of Homeland Security (DHS) and FBI have warned of persistent attacks by Russian government hackers on critical US government sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing.

The alert details numerous attempts extending back to March 2016 when Russian cyber operatives targeted US government and infrastructure.

The DHS and FBI said: “DHS and FBI characterise this activity as a multi-stage intrusion campaign by Russian government cyber-actors who targeted small commercial facilities’ networks, where they staged malware, conducted spear phishing and gained remote access into energy sector networks.

“After obtaining access, the Russian government cyber-actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems.”

The Trump administration has accused Russia of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

#google#

United States officials and private security firms saw the attacks as a signal by Moscow that it could disrupt the West’s critical facilities in the event of a conflict.

They said the strikes accelerated in late 2015, at the same time the Russian interference in the American election was underway. The attackers had compromised some operators in North America and Europe by spring 2017, after President Trump was inaugurated.

In the following months, according to the DHS/FBI report, Russian hackers made their way to machines with access to utility control rooms and critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants.

Still, new computer screenshots released by the Department of Homeland Security have made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants.

“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm.

“From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said.

American intelligence agencies were aware of the attacks for the past year and a half, and the Department of Homeland Security and the F.B.I. first issued urgent warnings to utility companies in June, 2017. Both DHS/FBI have now offered new details as the Trump administration imposed sanctions against Russian individuals and organizations it accused of election meddling and “malicious cyberattacks.”

It was the first time the administration officially named Russia as the perpetrator of the assaults. And it marked the third time in recent months that the White House, departing from its usual reluctance to publicly reveal intelligence, blamed foreign government forces for attacks on infrastructure in the United States.

In December, the White House said North Korea had carried out the so-called WannaCry attack that in May paralyzed the British health system and placed ransomware in computers in schools, businesses and homes across the world. Last month, it accused Russia of being behind the NotPetya attack against Ukraine last June, the largest in a series of cyberattacks on Ukraine to date, paralyzing the country’s government agencies and financial systems.

But the penalties have been light. So far, President Trump has said little to nothing about the Russian role in those attacks.

The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.

That would suggest that at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.

For years, American intelligence officials tracked a number of Russian state-sponsored hacking units as they successfully penetrated the computer networks of critical infrastructure operators across North America and Europe, including in Ukraine.

Some of the units worked inside Russia’s Federal Security Service, the K.G.B. successor known by its Russian acronym, F.S.B.; others were embedded in the Russian military intelligence agency, known as the G.R.U. Still others were made up of Russian contractors working at the behest of Moscow.

Russian cyberattacks surged last year, starting three months after Mr. Trump took office.

American officials and private cybersecurity experts uncovered a series of Russian attacks aimed at the energy, water and aviation sectors and critical manufacturing, including nuclear plants, in the United States and Europe. In its urgent report in June, the Department of Homeland Security and the F.B.I. notified operators about the attacks but stopped short of identifying Russia as the culprit.

By then, Russian spies had compromised the business networks of several American energy, water and nuclear plants, mapping out their corporate structures and computer networks.

They included that of the Wolf Creek Nuclear Operating Corporation, which runs a nuclear plant near Burlington, Kan. But in that case, and those of other nuclear operators, Russian hackers had not leapt from the company’s business networks into the nuclear plant controls.

Forensic analysis suggested that Russian spies were looking for inroads — although it was not clear whether the goal was to conduct espionage or sabotage, or to trigger an explosion of some kind.

In a report made public in October, Symantec noted that a Russian hacking unit “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”

The United States sometimes does the same thing. It bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital “implants” in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out. The operation was code-named “Nitro Zeus,” and its revelation made clear that getting into the critical infrastructure of adversaries is now a standard element of preparing for possible conflict.

Reconstructed screenshot fragments of a Human Machine Interface that the threat actors accessed, according to DHS

Sanctions Announced

The US treasury department has imposed sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the US 2016 presidential election and other malicious cyberattacks.

Russia, for its part, has vowed to retaliate against the new sanctions.

The new sanctions focus on five Russian groups, including the Russian Federal Security Service, the country’s military intelligence apparatus, and the digital propaganda outfit called the Internet Research Agency, as well as 19 people, some of them named in the indictment related to election meddling released by special counsel Robert Mueller last month.

In announcing the sanctions, which will generally ban U.S. people and financial institutions from doing business with those people and groups, the Treasury Department pointed to alleged Russian election meddling, involvement in the infrastructure hacks, and the NotPetya malware, which the Treasury Department called “the most destructive and costly cyberattack in history.”

The new sanctions come amid ongoing criticism of the Trump administration’s reluctance to punish Russia for cyber and election meddling. Sen. Mark Warner (D-Va.) said that, ahead of the 2018 mid-term elections, the administration’s decision was long overdue but not enough. “Nearly all of the entities and individuals who were sanctioned today were either previously under sanction during the Obama Administration, or had already been charged with federal crimes by the Special Counsel,” Warner said.

Warning: The Russians Are Coming

In an updated warning to utility companies, DHS/FBI officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls, prompting a renewed focus on protecting the U.S. power grid among operators.

American officials and security firms, including Symantec and CrowdStrike, believe that Russian attacks on the Ukrainian power grid in 2015 and 2016 that left more than 200,000 citizens there in the dark are an ominous sign of what the Russian cyberstrikes may portend in the United States and Europe in the event of escalating hostilities.

Private security firms have tracked the Russian government assaults on Western power and energy operators — conducted alternately by groups under the names Dragonfly campaigns alongside Energetic Bear and Berserk Bear — since 2011, when they first started targeting defense and aviation companies in the United States and Canada.

By 2013, researchers had tied the Russian hackers to hundreds of attacks on the U.S. power grid and oil and gas pipeline operators in the United States and Europe. Initially, the strikes appeared to be motivated by industrial espionage — a natural conclusion at the time, researchers said, given the importance of Russia’s oil and gas industry.

But by December 2015, the Russian hacks had taken an aggressive turn. The attacks were no longer aimed at intelligence gathering, but at potentially sabotaging or shutting down plant operations.

At Symantec, researchers discovered that Russian hackers had begun taking screenshots of the machinery used in energy and nuclear plants, and stealing detailed descriptions of how they operated — suggesting they were conducting reconnaissance for a future attack.

Eventhough the US government enacted sanctions, cybersecurity experts are still questioning where the Russian attacks could lead, given that the United States was sure to respond in kind.

“Russia certainly has the technical capability to do damage, as it demonstrated in the Ukraine,” said Eric Cornelius, a cybersecurity expert at Cylance, a private security firm, who previously assessed critical infrastructure threats for the Department of Homeland Security during the Obama administration.

“It is unclear what their perceived benefit would be from causing damage on U.S. soil, especially given the retaliation it would provoke,” Mr. Cornelius said.

Though a major step toward deterrence, publicly naming countries accused of cyberattacks still is unlikely to shame them into stopping. The United States is struggling to come up with proportionate responses to the wide variety of cyberespionage, vandalism and outright attacks.

Lt. Gen. Paul Nakasone, who has been nominated as director of the National Security Agency and commander of United States Cyber Command, the military’s cyberunit, said during his recent Senate confirmation hearing, that countries attacking the United States so far have little to worry about.

“I would say right now they do not think much will happen to them,” General Nakasone said. He later added, “They don’t fear us.”

Related News

• Electricity Forum News

• Grid Technologies News

Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

An October, 2017 report by researchers at Symantec Corp., cited by the U.S. government, has linked recent US power grid cyber attacks to a group of hackers it had code-named "Dragonfly", and said it found evidence critical infrastructure facilities in Turkey and Switzerland also had been breached.

The Symantec researchers said an earlier wave of attacks by the same group starting in 2011 was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

#google#

While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he says.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,”

In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory, and built web shells to gain command and control of targeted systems.

“This actors’ campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers. he said.
 

Related News

• Electricity Forum News

• Grid Technologies News