Cyberattacks against the energy sector are growing in both number and sophistication. Deloitte recently identified energy, and more specifically utilities, as among the top three sectors targeted for attack in the U.S.
In the past year, more than a dozen utilities in the U.S. were targets, many located near dams, locks and other critical infrastructure. According to The Wall Street Journal, the utilities that were targeted include:
Cloverland Electric Cooperative, Michigan, which sits next to the Sault Ste. Marie Locks, a critical juncture for the transport of iron ore to U.S. steel mills.
Klickitat Public Utility District in Washington state, which is near major federal dams and transmission lines that funnel hydroelectricity to California.
Basin Electric Power Cooperative in North Dakota, one of the few utilities that are capable of delivering electricity to both the nation’s eastern and western grids.
Wisconsin Rapids Water Works and Lighting Commission and Flathead Electric Cooperative, which serves members on the Montana-Wyoming border.
Some of these utilities were not even aware that they were attacked until the FBI alerted them.
According to the article, the hackers tried to get malware installed on computers at the utility companies through “phishing” emails. These are deceptive emails made to look as though they came from a reputable source, to entice someone to open the door and let the hackers in. Once in, the hackers could then possibly take control of the utility computers to steal information or, worse, take control of critical infrastructure, including locks, dams and the electrical grid.
Smaller utilities are more vulnerable than the larger ones because they think they lack a budget to identify their risk and implement changes to make their system more secure. But budgets and personnel should never be a barrier to knowing where a company is vulnerable and taking the necessary precautions to minimize any exposure. Here are just a few quick steps utilities can take to protect themselves:
Know where you are vulnerable.
Make vigilance part of your corporate culture and work hard to educate your employees to make them aware of the risks.
Test them to see who will click on a (fake) phishing email and talk to everyone about it.
Know the laws around data breaches and when you must report them.
Prepare a crisis management playbook so that your company will be prepared when you are attacked.
Get to know the reporters who cover your industry so that you can work with them in times of crisis.
Work with your vendors to ensure that they are in compliance and have policies in place to address data breaches.
For more information on the steps companies can take to prepare a crisis management plan, contact North Coast Strategies.