Utility and Efficiency Businesses Take Key Step on New Utility Rate Designs

Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

An October, 2017 report by researchers at Symantec Corp., cited by the U.S. government, has linked recent US power grid cyber attacks to a group of hackers it had code-named "Dragonfly", and said it found evidence critical infrastructure facilities in Turkey and Switzerland also had been breached.

The Symantec researchers said an earlier wave of attacks by the same group starting in 2011 was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

#google#

While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he says.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,”

In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory, and built web shells to gain command and control of targeted systems.

“This actors’ campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers. he said.
 

Related News

• Electricity Forum News

• Grid Technologies News

Cooperative Energy bond rating upgrade signals lower debt costs as Fitch lifts GO Zone Bonds to A, reflecting Kemper exit, shift to owned generation, natural gas, and renewable energy for co-op members and borrowing rates.

Key Points

Fitch raised Cooperative Energy's GO Zone Bonds to A, cutting debt costs after Kemper exit and shift to natural gas.

✅ Fitch upgrades 2009A GO Zone Bonds from A- to A.

✅ Kemper divestment reduced risk and exposure to coal.

✅ Shift to owned generation, natural gas, renewables lowers costs.

Cooperative Energy and its 11 co-op members will see lower debt costs on $35.4 million bond; similar to regional utilities offering one-time bill decreases for customers recently.

Bailing out of its 15 percent ownership stake in Mississippi Power’s Kemper gasification plant, amid debates over coal and nuclear subsidies in federal policy, has helped Hattiesburg-based Cooperative Energy gain a ratings upgrade on a $35.4 million bond issue.

The electric power co-op, which changed its name to Cooperative Energy from South Mississippi Electric Power Association in November, received a ratings upgrade from A- to A for its 2009 2009A Mississippi Business Finance Corporation Gulf Opportunity Zone Bonds, even as other utilities announced bill reductions for customers during 2020.

“This rating upgrade reflects the success of our strategy to move from purchased power to owned generation resources, and from coal to natural gas and renewable energy as clean energy priorities gain traction,” said Cooperative Energy President/CEO Jim Compton in a press release.  “The result for our members is lower borrowing costs and more favorable rates.”

An “A” rating from Fitch designates the bond issue as “near premium quality,” a status noted as utilities adapted to pandemic-era electricity demand trends nationwide.

Related News

• Electricity Forum News

• Power Generation News

Hong Kong Electricity Tariff Increase reflects a projected 1-2% rise as HK Electric and CLP Power shift to cleaner fuel and natural gas, expand gas-fired units and LNG terminals, and adjust the fuel clause charge.

Key Points

An expected 1-2% 2018 rise from cleaner fuel, natural gas projects, asset growth, and shrinking fuel cost surpluses.

✅ Expected 1-2% rise amid cleaner fuel and gas shift

✅ Fuel clause charge and asset expansion pressure prices

✅ HK Electric and CLP Power urged to use surpluses prudently

Hong Kong customers have been asked to expect higher electricity bills next year, as seen with BC Hydro rate increases in Canada, with a member of a government panel on energy policy anticipating an increase in tariffs of one or two per cent.

The environment minister, Wong Kam-sing, also hinted they should be prepared to dig deeper into their pockets for electricity, as debates over California electric bills illustrate, in the wake of power companies needing to use more expensive but cleaner fuel to generate power in the future.

HK Electric supplies power to Hong Kong Island, Lamma Island and Ap Lei Chau. Photo: David Wong

The city’s two power companies, HK Electric and CLP Power, are to brief lawmakers on their respective annual tariff adjustments for 2018, amid Ontario electricity price pressures drawing international attention, at a Legislative Council economic development panel meeting on Tuesday.

HK Electric supplies electricity to Hong Kong Island and neighbouring Lamma Island and Ap Lei Chau, while CLP Power serves Kowloon and the New Territories, including Lantau Island.

Wong said on Monday: “We have to appreciate that when we use cleaner fuel, there is a need for electricity tariffs to keep pace. I believe it is the hope of mainstream society to see a low-carbon and healthier environment.”

Secretary for the Environment Wong Kam-sing believes most people desire a low-carbon environment. Photo: Sam Tsang

But he declined to comment on how much the tariffs might rise.

World Green Organisation chief executive William Yu Yuen-ping, also a member of the Energy Advisory Committee, urged the companies to better use their “overflowing” surpluses in their fuel cost recovery accounts.

Tariffs are comprised of two components: a basic amount reflecting a company’s operating costs and investments, and the fuel clause charge, which is based on what the company projects it will pay for fuel for the year.

William Yu of World Green Organisation says the companies should use their surpluses more carefully. Photo: May Tse

Critics have claimed the local power suppliers routinely overestimate their fuel costs and amass huge surpluses.

In recent years, the two managed to freeze or cut their tariffs thanks to savings from lower fuel costs. Last year, HK Electric offered special rebates to its customers, which saw its tariff drop by 17.2 per cent. CLP Power froze its own charge for 2017.

Yu said the two companies should use the surpluses “more carefully” to stabilise tariffs.

Rise after fall in Hong Kong electricity use linked to subsidies

“We estimate a big share of the surplus has been used up and so the honeymoon period is over.”

Based on his group’s research, Yu believed the tariffs would increase by one or two per cent.

Economist and fellow committee member Billy Mak Sui-choi said the expansion of the power companies’ fixed asset bases, such as building new gas-fired units and offshore liquefied natural gas terminals, a pattern reflected in Nova Scotia's 14% rate hike recently approved by regulators, would also cause tariffs to rise.

To fight climate change and improve air quality, the government has pledged to cut carbon intensity by between 50 and 60 per cent by 2020. Officials set a target of boosting the use of natural gas for electricity generation to half the total fuel mix from 2020.

Both power companies are privately owned and monitored by the government through a mutually agreed scheme of control agreements, akin to oversight seen under the UK energy price cap in other jurisdictions. These require the firms to seek government approval for their development plans, including their projected basic tariff levels.

At present, the permitted rate of return on their net fixed assets is 9.99 per cent. The deals are due to expire late next year.

Earlier this year, officials reached a deal with the two companies on the post-2018 scheme, settling on a 15-year term. The new agreements slash their permitted rate of return to 8 per cent.

Related News

• Electricity Forum News

• Energy Policy News

PG&E property tax payments bolster counties, education, public safety, and infrastructure across Northern and Central California, reflecting semi-annual levies tied to utility assets, capital investments, and economic development that serve 16 million customers.

Key Points

PG&E property tax payments are semi-annual county taxes funding public services and linked to utility infrastructure.

✅ $230M paid for Jul-Dec 2017 across 50 California counties

✅ Estimated $461M for FY 2017-2018, up 12% year over year

✅ Investments: $5.9B in grid, Gas Safety Academy, control center

Pacific Gas and Electric Company (PG&E) paid property taxes of more than $230 million this fall to the 50 counties where the energy company owns property and operates gas and electric infrastructure that serves 16 million Californians. The tax payments help support essential public services like education and public health and safety actions across the region.

The semi-annual property tax payments made today cover the period from July 1 to December 31, 2017.

Total payments for the full tax year of July 1, 2017 to June 30, 2018 are estimated to total more than $461 million—an increase of $50 million, or 12 percent, compared with the prior fiscal year, even as customer rates are expected to stabilize in the years ahead.

“Property tax payments provide crucial resources to the many communities where we live and work, supporting everything from education to public safety. By continuing to make local investments in gas and electric infrastructure, we are not only creating one of the safest and most reliable energy systems in the country, including wildfire risk reduction programs and related efforts, we’re investing in the local economy and helping our communities thrive,” said Jason Wells, senior vice president and chief financial officer for PG&E.

PG&E invested more than $5.7 billion last year and expects to invest $5.9 billion this year to enhance and upgrade its gas and electrical infrastructure amid power line fire risks across Northern and Central California.

Some recent investments include the construction of PG&E’s $75 millionGas Safety Academy in Winters in Yolo County, which opened in September. Last year, PG&E opened a $36 million, state-of-the-art electric distribution control center in Rocklin.

PG&E supports the communities it serves in a variety of ways. In 2016, PG&E provided more than $28 million in charitable contributions to enrich local educational opportunities, preserve the environment, and support economic vitality and emergency preparedness and safety, including its Wildfire Assistance Program for impacted residents. PG&E employees provide thousands of hours of volunteer service in their local communities. The company also offers a broad spectrum of economic development services to help local businesses grow.

Related News

• Electricity Forum News

• Energy Policy News

GMP Tesla Powerwall Program replaces utility meters with smart battery storage, enabling virtual power plant services, demand response, and resilient homes, integrating solar readiness, EV charging support, and smart grid controls across Vermont households.

Key Points

Green Mountain Power uses Tesla Powerwalls as smart meters, creating a VPP for demand response and home backup.

✅ $30 monthly for 10 years or $3,000 upfront for two units

✅ Utility controls batteries for peak shaving and demand response

✅ Enables backup power, solar readiness, and EV charging support

There are more than 100 million single-family homes in the United States of America. If each of these homes were to have two 13.5 kWh Tesla Powerwalls, that would total 2.7 Terawatt-hours worth of electricity stored. Prior research has suggested that this volume of energy storage could get us halfway to the 5.4 TWh of storage needed to let the nation get 80% of its electricity from solar and wind, as states like California increasingly turn to grid batteries to support the transition.

Vermont utility Green Mountain Power (GMP) seeks to remove standard electric utility metering hardware and replace it with the equipment inside of a Tesla Powerwall, as part of a broader digital grid evolution underway. Mary Powell, President and CEO of Green Mountain Power, says, “We have a vision of a battery system in every single home” and they’ve got a patent pending software solution to make it happen.

The Resilient Home program will install two standard Tesla Powerwalls each in 250 homes in GMP’s service area. The homeowner will pay either $30 a month for ten years ($3,600), or $3,000 up front. At the end of the ten year period, payments end, but the unit can stay in the home for an additional five years – or as long as it has a usable life.

A single Powerwall costs approximately $6,800, making this a major discount.

GMP notes that the home must have reliable internet access to allow GMP and Tesla to communicate with the Powerwall. GMP will control the functions of the Powerwall, effectively operating a virtual power plant across participating homes, expanding the scope of programs like those that saved the state’s ratepayers more than $500,000 during peak demand events last year. The utility specifically notes that customers agree to share stored energy with GMP on several peak demand days each year.

The hardware can be designed to interact with current backup generators during power outages, or emerging fuel cell solutions that maintain battery charge longer during extended outages, however, the units will not charge from the generator. As noted the utility will be making use of the hardware during normal operating times, however, during a power outage the private home owner will be able to use the electricity to back up both their house and top off their car.

The utility told pv magazine USA that the Powerwalls are standard from the factory, with GMP’s patent pending software solution being the special sauce (has a hint of recent UL certifications). GMP said the program will also get home owners “adoption ready” for solar power, including microgrid energy storage markets, and other smart devices.

Sonnen’s ecoLinx is already directly interacting with a home’s electrical panel (literally throwing wifi enabled circuit breakers). Now with Tesla Powerwalls being used to replace utility meters, we see one further layer of integration that will lead to design changes that will drive residential solar toward $1/W. Electric utilities are also experimenting with controlling module level electronics and smart solar inverters in 100% residential penetration situations. And of course, considering that California is requiring solar – and probably storage in the future – in all new homes, we should expect to see further experimentation in this model. Off grid solar inverter manufacturers already include electric panels with their offerings.

If we add in the electric car, and have vehicle-to-grid abilities, we start to see a very strong amount of electricity generation and energy storage, helping to keep the lights on during grid stress, potentially happening in more than 100 million residential power plants. Resilient homes indeed.

Related News

• Electricity Forum News

• Grid Technologies News

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News