Skip to main content
close search
site logo
Dive Brief

Small, regional utilities located near critical infrastructure targeted in cyberattack: WSJ

Published Nov. 26, 2019
Robert Walton's headshot
Senior Reporter
Adi Goldstein, Unsplash

Dive Brief:

  • The Wall Street Journal has identified several utilities targeted in a hacking campaign on the power sector earlier this year. They include smaller and regional public power entities that were often located near critical infrastructure.
  • Security firm Proofpoint in September concluded more than a dozen utilities were targeted in a sophisticated phishing scheme dubbed "LookBack." None of the attacks were successful and some utilities were unaware of the attempt, according to the Journal.
  • ​But security experts say smaller electric utilities may pose an oversized threat to the electric grid, as they often lack the robust cybersecurity infrastructure of larger investor-owned utilities.

Dive Insight:

Included in the Wall Street Journal's list of targeted utilities are some you may have never heard of: Klickitat Public Utility District in Washington, Basin Electric Power Cooperative in North Dakota, Cloverland Electric Cooperative in Michigan, Wisconsin Rapids Water Works and Lighting Commission​ and Flathead Electric Cooperative, which serves members on the Montana-Wyoming border.

Some of the utilities were unaware of the attacks until the Federal Bureau of Investigation told them they had been targeted, according to the Journal.

The Journal's report "suggests that this effort was more than just the typical campaign of nation-state efforts against the major U.S. electric sector providers," Jamil Jaffer, IronNet Cybersecurity's vice president of strategy, partnerships and corporate development, told Utility Dive.

Rather, said Jaffer, it appears LookBack was a "focused campaign aimed at the smaller providers in the country targeting key resources and critical infrastructure assets." He said attackers likely wanted to determine whether access was possible and, if so, "what they might be able to get."

For example, Cloverland Electric is near the Sault Ste. Marie Locks, essential infrastructure for U.S. shipping between Lake Superior and the lower Great Lakes.

"Utilities of all sizes are at greater cyber risk than ever before," Eddie Habibi, CEO and co-founder of security firm PAS Global, told Utility Dive in an email. The LookBack attack "is yet another example of the increasing threat they face."

Habibi said the electric grid is an "expanding attack surface" due to rapid digitalization and connectivity between utility systems.​ 

Emails sent to utilities claiming to be from the U.S. National Council of Examiners for Engineering and Surveying contained the LookBack malware. The level of specificity in the claim and targeted emails suggest this was an "advanced phishing campaign," Proofpoint said.

Both Jaffer and Habibi say smaller utilities are at a security disadvantage."Smaller regional utilities may have been lulled into a sense of greater safety based on their size as compared to larger utility providers," Habibi said. "But the reality is that they are just as much at risk and, to a certain extent, even more so because they often lack the level of investment in cybersecurity personnel and tools that larger providers have in place."

Smaller public power providers, rural electric utilities and cooperatives "may often face an uphill battle combating nation-state efforts, even more so than larger provider who also sometimes find themselves up against their match," according to Jaffer.

The solution, he said, absent the federal government providing direct defense, is for large and small providers to work with one another to share threat behaviors in real-time "to create a collective defense capability that leveraged the knowledge and skills of key players in the electric power ecosystem."

But the American Public Power Association disputes the idea that smaller utilities are more vulnerable, and said reaction to the LookBack attack was largely overblown.

"This was nothing more than an IP phishing attack," APPA Senior Vice President of Engineering Mike Hyland told Utility Dive. "This is something we see in various forms on a daily basis.

"The public power sector works with the Department of Energy on a daily basis, said Hyland, and shares information through the North American Electric Reliability Corp.'s Electricity Information Sharing and Analysis Center as well as the Multi-State Information Sharing and Analysis Center.

"We take this really seriously," said Hyland. But as for the focus on LookBack, "We're kind of perplexed."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Utility Broadband Alliance 2024 Summit & Plugfest Shatters Attendance Milestone
From Utility Broadband Alliance
November 21, 2024
Survey: Utilities Boost Renewables, Reliability Other Goals with Connected Field Assets
From Sitetracker
November 25, 2024
ABB launches next-generation medium voltage drive, designed to enhance industrial performance …
From ABB
November 19, 2024
Oncor System Resiliency Plan Approved by PUCT
From Oncor
November 14, 2024
Editors' picks
Latest in Transmission & Distribution
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.