Power Producers Oppose Legislation Helping Millstone Nuclear Plant

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News

US Electricity Demand Stagnation reflects decoupling from GDP as TVA's IRP revises outlook, with energy efficiency, distributed generation, renewables, and cheap natural gas undercutting coal, reshaping utility business models and accelerating grid modernization.

Key Points

US electricity demand stagnation is flat load growth driven by efficiency, DG, and decoupling from GDP.

✅ Flat sales pressure IOU profits and legacy baseload investments.

✅ Efficiency and rooftop solar reduce load growth and capacity needs.

✅ Utilities must pivot to services, DER orchestration, and grid software.

The US electricity sector is in a period of unprecedented change and turmoil, with emerging utility trends reshaping strategies across the industry today. Renewable energy prices are falling like crazy. Natural gas production continues its extraordinary surge. Coal, the golden child of the current administration, is headed down the tubes.

In all that bedlam, it’s easy to lose sight of an equally important (if less sexy) trend: Demand for electricity is stagnant.

Thanks to a combination of greater energy efficiency, outsourcing of heavy industry, and customers generating their own power on site, demand for utility power has been flat for 10 years, with COVID-19 electricity demand underscoring recent variability and long-run stagnation, and most forecasts expect it to stay that way. The die was cast around 1998, when GDP growth and electricity demand growth became “decoupled”:

This historic shift has wreaked havoc in the utility industry in ways large and small, visible and obscure. Some of that havoc is high-profile and headline-making, as in the recent requests from utilities (and attempts by the Trump administration) to bail out large coal and nuclear plants amid coal and nuclear industry disruptions affecting power markets and reliability.

Some of it, however, is unfolding in more obscure quarters. A great example recently popped up in Tennessee, where one utility is finding its 20-year forecasts rendered archaic almost as soon as they are released.

Falling demand has TVA moving up its planning process

Every five years, the Tennessee Valley Authority (TVA) — the federally owned regional planning agency that, among other things, supplies electricity to Tennessee and parts of surrounding states — develops an Integrated Resource Plan (IRP) meant to assess what it requires to meet customer needs for the next 20 years.

The last IRP, completed in 2015, anticipated that there would be no need for major new investment in baseload (coal, nuclear, and hydro) power plants; it foresaw that energy efficiency and distributed (customer-owned) energy generation would hold down demand.

Even so, TVA underestimated. Just three years later, the Times Free Press reports, “TVA now expects to sell 13 percent less power in 2027 than it did two decades earlier — the first sustained reversal in the growth of electricity usage in the 85-year history of TVA.”

TVA will sell less electricity in 10 years than it did 10 years ago. That is bonkers.

This startling shift in prospects has prompted the company to accelerate its schedule. It will now develop its next IRP a year early, in 2019.

Think for a moment about why a big utility like TVA (serving 9 million customers in seven states, with more than $11 billion in revenue) sets out to plan 20 years ahead. It is investing in extremely large and capital-intensive infrastructure like power plants and transmission lines, which cost billions of dollars and last for decades. These are not decisions to make lightly; the utility wants to be sure that they will still be needed, and will still pay off, for many years to come.

Now think for a moment about what it means for the electricity sector to be changing so fast that TVA’s projections are out of date three years after its last IRP, so much so that it needs to plunge back into the multimillion-dollar, year-long process of developing a new plan.

TVA wanted a plan for 20 years; the plan lasted three.

The utility business model is headed for a reckoning

TVA, as a government-owned, fully regulated utility, has only the goals of “low cost, informed risk, environmental responsibility, reliability, diversity of power and flexibility to meet changing market conditions,” as its planning manager told the Times Free Press. (Yes, that’s already a lot of goals!)

But investor-owned utilities (IOUs), which administer electricity for well over half of Americans, face another imperative: to make money for investors. They can’t make money selling electricity; monopoly regulations forbid it, raising questions about utility revenue models as marginal energy costs fall. Instead, they make money by earning a rate of return on investments in electrical power plants and infrastructure.

The problem is, with demand stagnant, there’s not much need for new hardware. And a drop in investment means a drop in profit. Unable to continue the steady growth that their investors have always counted on, IOUs are treading water, watching as revenues dry up

Utilities have been frantically adjusting to this new normal. The generation utilities that sell into wholesale electricity markets (also under pressure from falling power prices; thanks to natural gas and renewables, wholesale power prices are down 70 percent from 2007) have reacted by cutting costs and merging. The regulated utilities that administer local distribution grids have responded by increasing investments in those grids, including efforts to improve electricity reliability and resilience at lower cost.

But these are temporary, limited responses, not enough to stay in business in the face of long-term decline in demand. Ultimately, deeper reforms will be necessary.

As I have explained at length, the US utility sector was built around the presumption of perpetual growth. Utilities were envisioned as entities that would build the electricity infrastructure to safely and affordably meet ever-rising demand, which was seen as a fixed, external factor, outside utility control.

But demand is no longer rising. What the US needs now are utilities that can manage and accelerate that decline in demand, increasing efficiency as they shift to cleaner generation. The new electricity paradigm is to match flexible, diverse, low-carbon supply with (increasingly controllable) demand, through sophisticated real-time sensing and software.

That’s simply a different model than current utilities are designed for. To adapt, the utility business model must change. Utilities need newly defined responsibilities and new ways to make money, through services rather than new hardware. That kind of reform will require regulators, politicians, and risky experiments. Very few states — New York, California, Massachusetts, a few others — have consciously set off down that path.

Flat or declining demand is going to force the issue

Even if natural gas and renewables weren’t roiling the sector, the end of demand growth would eventually force utility reform.

To be clear: For both economic and environmental reasons, it is good that US power demand has decoupled from GDP growth. As long as we’re getting the energy services we need, we want overall demand to decline. It saves money, reduces pollution, and avoids the need for expensive infrastructure.

But the way we’ve set up utilities, they must fight that trend. Every time they are forced to invest in energy efficiency or make some allowance for distributed generation (and they must always be forced), demand for their product declines, and with it their justification to make new investments.

Only when the utility model fundamentally changes — when utilities begin to see themselves primarily as architects and managers of high-efficiency, low-emissions, multidirectional electricity systems rather than just investors in infrastructure growth — can utilities turn in earnest to the kind planning they need to be doing.

In a climate-aligned world, utilities would view the decoupling of power demand from GDP growth as cause for celebration, a sign of success. They would throw themselves into accelerating the trend.

Instead, utilities find themselves constantly surprised, caught flat-footed again and again by a trend they desperately want to believe is temporary. Unless we can collectively reorient utilities to pursue rather than fear current trends in electricity, they are headed for a grim reckoning.

Related News

• Electricity Forum News

• Energy Policy News

Manitoba Hydro rate hikes face public hearings over electricity rates, utility bills, and debt, with impacts on low-income households, Indigenous communities, and Winnipeg services amid credit rating pressure and rising energy costs.

Key Points

Manitoba Hydro seeks 7.9% annual increases to stabilize finances and debt, impacting electricity costs for households.

✅ Proposed hikes: 7.9% yearly through 2023/24

✅ Driven by debt, credit rating declines, rising interest

✅ Disproportionate impact on low-income and Indigenous communities

Hearings began Monday into Manitoba Hydro’s request for consecutive annual rate hikes of 7.9 per cent.  The crown corporation is asking for the steep hikes to commence April 1, 2018.

The increases would continue through 2023/2024, under a multi-year rate plan before dropping to what Hydro calls “sustainable” levels.

Patti Ramage, legal counsel for Hydro, said while she understands no one welcomes the “exceptional” rate increases, the company is dealing with exceptional circumstances.

It’s the largest rate increase Hydro has ever asked for, though a scaled-back increase was discussed later, saying rising debt and declining credit ratings are affecting its financial stability.

President and CEO Kelvin Shepherd said Hydro is borrowing money to fund its interest payments, and acknowledged that isn’t an effective business model.

Hydro’s application states that it will be spending up to 63 per cent of its revenue on paying financial expenses if the current request for rate hikes is not approved.

If it does get the increase it wants, that number could shrink to 45 per cent – which Ramage says is still quite high, but preferable to the alternative.

She cited the need to take immediate action to fix Hydro’s finances instead of simply hoping for the best.

“The worst thing we can do is defer action… that’s why we need to get this right,” Ramage said.

A number of intervenors presented varying responses to Hydro’s push for increased rates, with many focusing on how the hikes would affect Manitobans with lower incomes.

Senwung Luk spoke on behalf of the Assembly of Manitoba Chiefs, and said the proposed rates would hit First Nations reserves particularly hard.

He noted that 44.2 per cent of housing on reserves in the province needs significant improvement, which means electricity use tends to be higher to compensate for the lower quality of infrastructure.

Luk says this problem is compounded by the higher rates of poverty in Indigenous populations, with 76 per cent of children on reserves in Manitoba living below the poverty line.

If the increase goes forward, he said the AMC hopes to see a reduced rate for those living on reserves, despite a recent appeal court ruling on such pricing.

Byron Williams, speaking on behalf of the Consumers Coalition, said the 7.9 per cent increase unreasonably favours the interests of Hydro, and is unjustly biased against virtually everyone else.

In Saskatchewan, the NDP criticized an SaskPower 8 per cent rate hike as unfair to customers, highlighting regional concerns.

Williams said customers using electric space heating would be more heavily targeted by the rate increase, facing an extra $13.14 a month as opposed to the $6.88 that would be tacked onto the bills of those not using electric space heating.

Williams also called Hydro’s financial forecasts unreliable, bringing the 7.9 per cent figure into question.

Lawyer George Orle, speaking for the Manitoba Keewatinowi Okimakanak, said the proposed rate hikes would “make a mockery” of the sacrifices made by First Nations across the province, given that so much of Hydro’s infrastructure is on Indigenous land.

The city of Winnipeg also spoke out against the jump, saying property taxes could rise or services could be cut if the hikes go ahead to compensate for increased, unsustainable electricity costs.

In British Columbia, a BC Hydro 3 per cent increase also moved forward, drawing attention to affordability.

A common theme at the hearing was that Hydro’s request was not backed by facts, and that it was heading towards fear-mongering.

Manitoba Hydro’s CEO begged to differ as he plead his case during the first hearing of a process that is expected to take 10 weeks.

Related News

• Electricity Forum News

• Energy Policy News

Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

An October, 2017 report by researchers at Symantec Corp., cited by the U.S. government, has linked recent US power grid cyber attacks to a group of hackers it had code-named "Dragonfly", and said it found evidence critical infrastructure facilities in Turkey and Switzerland also had been breached.

The Symantec researchers said an earlier wave of attacks by the same group starting in 2011 was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

#google#

While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he says.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,”

In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory, and built web shells to gain command and control of targeted systems.

“This actors’ campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers. he said.
 

Related News

• Electricity Forum News

• Grid Technologies News

BC Hydro Ice Storm Response to Fraser Valley power outages highlights freezing rain impacts, round the clock crews, infrastructure challenges, and climate change risks across the Lower Mainland during winter weather and restoration efforts.

Key Points

A plan for freezing rain events that prioritizes safety, rapid repairs, and clear communication to restore power.

✅ Prioritizes hazards, critical loads, and public safety first

✅ Deploys crews, contractors, and equipment across affected areas

✅ Addresses climate risks without costly undergrounding expansion

Call it the straw that broke the llama's back.

The loss of power during recent Fraser Valley ice storms meant Jennifer Quick, who lives on a Mission farm, had no running water, couldn't cook with appliances and still had to tend to a daughter sick with stomach flu.

As if that wasn't enough, she had to endure the sight of her shivering llamas.

"I brought them outside at one point and when I brought them back in, they had icicles on their fur," she said, adding the animals stayed in the warmth of their barn from then on.

For three and a half days, Quick and her family were among more than 160,000 BC Hydro customers in the Fraser Valley left in the dark after ice storms whipped through the region.

BC Hydro expects to get all customers back online Tuesday, five days after the storm hit.

And with another storm possibly on the horizon, the utility is defending its response to the treacherous weather, noting that windstorm power outages can be widespread.

BC Hydro spokesperson Mora Scott said the utility has a "best in class" storm response system, similar to PG&E winter storm prep in the U.S.

"In a typical storm situation we normally have 95 per cent of our customers back up within 24 hours. Ice storms are different and obviously this was an atypical storm for us," she said.

Scott said that in this case, the utility got power back on for 75 per cent of customers within 24 hours. It took the work of 450 employees called in from around B.C., working around the clock, a mobilization echoed by Sudbury Hydro crews after a storm, she said.

The work was complicated by trees falling near crews, icy roads, low visibility and even substations so frozen over the ice had to be melted off with blowtorches.

She said that in the long term, BC Hydro has no plans to make changes to how it responds to extreme ice storms or how infrastructure is built.

"Seeing ice build up in the Lower Mainland like this is a rare event," she said. "So to build for extremes like that probably doesn't make a lot of sense."

Climate change will bring storms

But CBC meteorologist Johanna Wagstaffe said that might not always be the case as climate change continues to impact our planet.

"The less severe winter events, like light snowfall, will happen less often," she said. "But the disruptive events — like last week's storm — will actually happen more often and we are already seeing this shift happen."

Marc Eliesen, a former CEO of BC Hydro in the early 1990s, said the utility needs to keep that in mind when planning for worst-case scenarios.

"This [storm] is a condition characteristic of the weather in the east, particularly in Ontario and Quebec, where freezing rain outages in Quebec are more common, which is organized to deal with freezing rain and heavy snow on the lines," he said. "This is a new phenomenon for British Columbia."

Eliesen questions whether BC Hydro has adequate equipment and crew training to deal with ice storms if they become more frequent, pointing to Hydro One storm restoration in Ontario as a comparison.

'Always something we can learn'

Scott disagrees with some of Eliesen's points.

She said some of the crews called in to deal with the recent storm come from northern B.C. and the Interior and have plenty of experience with snow.

"There's always something we can learn in every major storm situation," she said.

The idea of putting power lines underground was raised by some CBC readers and listeners, but Scott said running underground lines is five to 10 times the cost of running lines on pole, so it is done sparingly. Besides, equipment like substations and transmission lines need to be kept aboveground.

Meanwhile, Wagstaffe said that beginning Thursday, wintry weather could return to the Lower Mainland.

Related News

• Electricity Forum News

• Utility Operations News

Netherlands renewable energy progress highlights rising wind energy and solar power output, delivering 17 billion kWh of green electricity from sustainable sources, yet trailing EU targets, with wind providing 60% and solar 34%.

Key Points

It is the country's growth in green electricity, led by wind and solar, yet short of EU targets at 13.8% of generation.

✅ 17 billion kWh green output; 13.8% of total generation

✅ Wind energy up 16% to 9.6 billion kWh; 60% of green power

✅ Solar power up about 13%; 34% of renewable production

The Netherlands is generating more electricity from sustainable sources as US renewable record 28% in April underscores broader momentum but is still far from reaching its targets, the national statistics office CBS said on Friday.

In total, the Netherlands produced 17 billion kilowatts of green energy last year, a rise of 10% on 2016. Sustainable sources now account for 13.8 per cent of energy generation, even as solar reshapes prices in Northern Europe across the region.

The biggest growth was in wind energy – up 16 per cent to 9.6 billion kWh – or the equivalent of energy for three million households. Wind energy now accounts for 60 per cent of green Dutch power. The amount of solar power, which accounts for 34% of green energy production, rose almost 13 per cent, and Dutch solar outpaces Canada according to recent reports.

In January, European statistics agency Eurostat said the Netherlands is near the bottom of a new table on renewable energy use in Europe. The EU has a target of a fifth of all energy use from green sources by 2020 and – while some countries have reached their own targets, including Germany's 50% clean power milestones – the Dutch, French and Irish need to increase their rates by at least 6%, Eurostat said, and Ireland has set green electricity goals for the next four years to close the gap.

Related News

• Electricity Forum News

• Renewable Energy News