Small Utilities Are Unprepared To Deal With The Next Crisis, But Its Never To Late

Cyberattacks against the energy sector are growing in both number and sophistication Deloitte recently identified energy, and more specifically, utilities, as among the top three sectors targeted for attack in the U.S.

In the past year, more than a dozen utilities in the U.S. were targets, many located near dams, locks and other critical infrastructure. According to The Wall Street Journal, the utilities that were targeted include:

  • Cloverland Electric Cooperative, Michigan, which sits next to the Sault Ste. Marie Locks, a critical juncture for the transport of iron ore to U.S. steel mills

  • Klickitat Public Utility District in Washington state, which is near major federal dams and transmission lines that funnel hydroelectricity to California; and,

  • Basin Electric Power Cooperative in North Dakota, one of the few utilities that are capable of delivering electricity to both the nation’s eastern and western grids.

  • Wisconsin Rapids Water Works and Lighting Commission​ and Flathead Electric Cooperative, which serves members on the Montana-Wyoming border.

Some of these utilities were not even aware that they were attacked until the FBI alerted them.

According to the article, the hackers tried to get malware installed on the computers at the utility company through “phishing” emails.  These are deceiving emails made to look like it came from a reputable source to entice someone to open the door to let the hackers in. Once in, the hackers could then possible take control over the utility computers to steal information or worse, take control over the critical infrastructure including locks, dams and the electrical grid.

Smaller utilities are more vulnerable than the larger ones because they think they lack a budget to identify their risk and implement changes to make their system more secure. But budgets and personnel should never be a barrier to knowing where a company is vulnerable and taking the necessary precautions to minimize any exposure. Here are just a few quick steps utilities can take to protect themselves:

  • Know where you are vulnerable.

  • Make vigilance part of your corporate culture and work hard to educate your employees to make them aware of the risks.

  • Test them to see who will click on a (fake) phishing email and talk to everyone about it.

  • Know the laws around data breaches and when you must report them.

  • Prepare a crisis management playbook so that your company will be prepared when you are attacked.

  • Get to know the reporters who cover your industry so that you can work with them in times of crisis.

  • Work with your vendors in ensuring that they are in compliance and have policies in place to address data breaches.

For more information on the steps, companies can take to prepare a crisis management plan, contact North Coast Strategies.

 

 

Daniel Cherrin

DANIEL CHERRIN |served the City of Detroit as its Communications Director and the Press Secretary to Detroit Mayor, Ken Cockrel, Jr. He is a public relations + affairs specialist who just happens to be a lawyer, with 20 years of experience providing senior public relations and government relations’ counsel to organizations on state and federal regulatory and legislative matters, as well as issues affecting corporate and individual reputation, crisis management and the media. Daniel is the founder of NORTH COAST STRATEGIES (Est. 2005) an independent public relations consultancy that combines the best of a big agency with hands-on executive-level experience and support. As a signatory company to the United Nations Global Compact, we are dedicated to addressing issues around human rights, labor, the environment, and anti-corruption. We are also focused on redefining your brand and changing the conversation to create an impact.