No operational impacts to energy grid despite reports, EEI says

Published on July 25, 2018 by Kevin Randolph

© Shutterstock

Edison Electric Institute (EEI) released a statement Tuesday responding to a Wall Street Journal report that stated hackers from a Russian state-sponsored group gained enough access to the networks of several U.S. power companies last year that they could have cause grid-level blackouts.

The Wall Street Journal report focused on a recent Department of Homeland Security (DHS) briefing on the subject. Officials said hackers infiltrated the utilities through spearfishing emails aimed at stealing credentials from employees of third-party vendors working with the companies in order to take information about utility operations. DHS officials warned that some companies still may not know that they have been compromised since actual employee credentials were used to get inside the network, the report said.

“[This] news is not news,” EEI Vice President of Security & Preparedness Scott Aaronson said. “And there have been no operational impacts to the energy grid from these threats.”

The cyberattack was first discovered in the spring of 2016 and continued throughout 2017.

Aaronson noted that the federal government informed the industry in July 2017 of a campaign targeting critical electric infrastructure. In March, the Electricity Information Sharing and Analysis Center provided an update on the initial federal report to ensure North American electric companies are prepared to protect and defend network operations.

This type of information sharing, Aaronson said, is indicative of the strong industry-government partnership that is crucial to securing the national energy grid from potential threats.

“The electric power industry takes all vulnerabilities and threats to the energy grid very seriously,” Aaronson said. “Energy grid operators work in close coordination with government security experts to share threat intelligence and to prepare and respond to incidents that could impact the nation’s critical infrastructure.”