Skip to main content
close search
site logo
Dive Brief

Connecticut utilities steel themselves for successful cyber intrusions

Published Sept. 20, 2018
Robert Walton's headshot
Senior Reporter

Dive Brief:

  • A new report released on Monday from Connecticut state officials described a growing cybersecurity threat that the state's four major utilities, Aquarion, Avangrid, Connecticut Water and Eversource, managed to hold at bay in the past year.
  • While there were no successful intrusions in the past year, officials say there were millions of attempts, with issues consuming more and more time and effort to combat. The analysis also cites "significant improvements and areas of progress" and concluded there were "no known cyber breaches" despite millions of attempts in the last year.
  • Protecting critical infrastructure from intruders has become a major challenge and priority in recent years, and has risen the ranks of utility concerns. This summer the Department of Energy announced a new initiative to test the power grid's ability to recover from outages caused by cyberattacks.

Dive Insight:

Connecticut utility efforts to protect their networks from cybersecurity were successful last year but the state's report highlights what has become common knowledge: hackers' efforts are increasingly targeted, sophisticated and numerous — likely to be successful eventually.

However, the report also concludes that Connecticut's utilities "are spending more time, devoting more resources, educating their workforces and transforming their cultures more thoroughly to meet the increased level of threats." 

The Connecticut Critical Infrastructure 2018 Annual Report is a consensus analysis developed by four state officials and all four public utilities. The report is meant as an overall assessment of the state's electric, natural gas and large water companies' efforts to detect and prevent cybersecurity threats rather than to reflect on specific incidents or companies.

The utilities reported both "increased volume and changing forms of cyber probes on their operating systems during the past year." In particular, increasingly-customized hacking efforts are aimed at specific companies or individuals, known as "spear phishing," and the report warns these attacks may be difficult to repel.

It is "virtually impossible to prevent some success by high-quality spear phishing," the analysis finds.

The Department of Homeland Security sounded the alarm over the summer, claiming Russian-backed hackers had gained the ability to "throw switches" on the power grid and create blackouts. While that warning was ultimately tempered, and officials say it was somewhat overstated, it reflects a growing worry that widespread blackouts could be caused by bad actors.

DOE last month announced a new exercise, "Liberty Eclipse," to test the grid's blackstart capabilities after a cyber-induced blackout. That would fit alongside the North American Electric Reliability Corp.'s biennial "GridEx," simulated attack exercise, which has grown rapidly in recent years.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Utility Broadband Alliance 2024 Summit & Plugfest Shatters Attendance Milestone
From Utility Broadband Alliance
November 21, 2024
ABB launches next-generation medium voltage drive, designed to enhance industrial performance …
From ABB
November 19, 2024
General Atlantic’s BeyondNetZero Fund and TA Partner to Drive Continued Growth of Technosylva
From Technosylva
November 21, 2024
Oncor System Resiliency Plan Approved by PUCT
From Oncor
November 14, 2024
Editors' picks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell