
Is America's Critical National infrastructure prepared for the ongoing Ransomware siege and what can they do to avoid it?

Image credit: Google Images - Andy Jenkinson

Andy Jenkinson, Group CEO, Cybersec Innovation Partners

Over 15 years in compliance, risk and, more latterly, cyber security.

Posted May 21, 2021

The date is December 30, 2023 and this week the US Electric Grid has been hit by two more devastating cyberattacks. Ransomware demands totalling $200 Million have been received as the grid is crippled for the fourth day in a row and several million people on the West Coast remain without power. The knock-on effect on stores, banks, communications, food storage, water treatment and so on is mounting. Customers are outraged: the public has demonstrated at and attacked the homes of the electric companies' executives, with angry groups tearing down gates, walls and defences. Sadly, sixteen people have died in one demonstration that got out of hand when law enforcement failed to manage the angry crowd, resulting in crossfire, confusion and a rampage. Investigations into the cause of these deaths have started; a stampede by over fifty thousand angry customers is suspected.

Anarchy has certainly fallen upon the West Coast. Following last year's ransomware attacks at the very same companies, their financial position means they may be unable to meet the demands, and it is unclear how this unbelievable situation will be resolved. A damning report from last year revealed that remote access was gained through insecure internet connections. Class actions for gross negligence have been brought by more than ten million customers who last year went without power for over a week, and over one hundred thousand people have had their digital identities stolen and misused, racking up debts for totally innocent customers as a result of the PII data theft. The White House and the President have issued an Executive Order and the National Guard has been deployed, again.

This is the future the world currently faces, and specifically the Critical Infrastructure (CI) providers, if they continue to ignore their internet-facing and connected security…

Let us come back to today, May 13, 2021. This week we have witnessed the Colonial Pipeline cyberattack and breach, which has caused a week of disruption. Gas stations and fuel lines have run dry and a huge number of people on the East Coast are angry and want answers. The situation may only have been minimised by the restrictive effects of Covid-19. Fuel prices have escalated, and Colonial has been found to have had inadequate security, let alone good security or good security resources. This insecure position enabled and facilitated remote access, and in turn that remote access facilitated the breach. The total losses to Colonial this week, including the $11 Million ransom payment to the DarkSide ransomware gang, may surpass $100 Million. The overall security rating of Colonial, shown below, reveals a worrying, systemic position:

Colonial has a woeful internet-facing security rating of F and 0. That is as bad as the ratings get, and behind this rating lies a plethora of insecure, easily exploitable positions. Apart from being categorized as CI, what has this to do with the Grid and its modernization?

The scenario described above, dated December 30, 2023, is fast approaching. As part of a research programme we were asked by the CI industry to undertake, the findings clearly indicate that unless the Electric Grid, RTO and ISO companies add fit-for-purpose security to their programmes, they will fall victim to these attacks, with all that will entail, including class-action lawsuits.

We were asked to research the security posture and rating of the following providers within the sector. The findings below should act as a major wake-up call and catalyst to drive change as part of the sector's overall plans before it is simply too late.

  • PJM Interconnection
  • MISO
  • ERCOT
  • SWPP
  • NE ISO
  • CAISO

PJM Interconnection LLC (PJM) is a regional transmission organization (RTO) in the United States. It is part of the Eastern Interconnection grid, operating an electric transmission system serving all or parts of Delaware, Illinois, Indiana, Kentucky, Maryland, Michigan, New Jersey, North Carolina, Ohio, Pennsylvania, Tennessee, Virginia, West Virginia, and the District of Columbia.

The Midcontinent Independent System Operator, Inc., formerly named Midwest Independent Transmission System Operator, Inc. (MISO) is an Independent System Operator (ISO) and Regional Transmission Organization (RTO) providing open-access transmission service and monitoring the high-voltage transmission system in the Midwest United States and Manitoba, Canada and a southern United States region which includes much of Arkansas, Mississippi, and Louisiana. MISO also operates one of the world's largest real-time energy markets.

The Electric Reliability Council of Texas, Inc. (ERCOT) is an American organization that operates Texas's electrical grid, the Texas Interconnection, which supplies power to more than 25 million Texas customers and represents 90 percent of the state's electric load. ERCOT is the first independent system operator (ISO) in the United States and one of nine ISOs in North America. ERCOT works with the Texas Reliability Entity (TRE), one of eight regional entities within the North American Electric Reliability Corporation (NERC) that coordinate to improve reliability of the bulk power grid.

Southwest Power Pool (SPP) manages the electric grid and wholesale power market for the central United States. As a regional transmission organization, the non-profit corporation is mandated by the Federal Energy Regulatory Commission to ensure reliable supplies of power, adequate transmission infrastructure and competitive wholesale electricity prices. Southwest Power Pool and its diverse group of member companies coordinate the flow of electricity across approximately 60,000 miles of high-voltage transmission lines spanning 14 states. The company is headquartered in Little Rock, Arkansas. 

ISO-NE oversees the operation of New England's bulk electric power system and transmission lines, generated and transmitted by its member utilities, as well as Hydro-Québec, NB Power, the New York Power Authority and utilities in New York state, when the need arises. ISO-NE is responsible for reliably operating New England's 32,000-megawatt bulk electric power generation and transmission system. One of its major duties is to provide tariffs for the prices, terms, and conditions of the energy supply in New England. The Rating of B and 75/100 is a great improvement over the others, and it would not be unreasonable to assume that with this security rating ISO-NE would be the last CI on this list to be targeted.

The California Independent System Operator (CAISO) is a non-profit Independent System Operator (ISO) serving California. It oversees the operation of California's bulk electric power system, transmission lines, and electricity market generated and transmitted by its member utilities. The primary stated mission of CAISO is to "operate the grid reliably and efficiently, provide fair and open transmission access, promote environmental stewardship, and facilitate effective markets and promote infrastructure development." The CAISO is one of the largest ISOs in the world, delivering 300 million megawatt-hours of electricity each year and managing about 80% of California's electric flow.

A homepage that the browser flags as sub-optimal and "Not Secure" in the address bar is, in the security world, a cardinal sin. By using obsolete TLS certificates, the organisation effectively leaves the domain owner, the company, totally exposed to cyber attacks such as watering holes, drive-by attacks and shadow sites, to loss of data integrity, and to data stored as plain text, ready to be exfiltrated and encrypted as part of the ransomware cycle.
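As an added example (not code from the article or from Cybersec Innovation Partners), the following Python script performs the basic checks behind a browser's "Not Secure" warning: certificate expiry, the validity window, and whether the hostname is actually covered by the certificate's subjectAltName. It also includes a live check that performs a fully verified TLS 1.2+ handshake, the way a browser does, for domains you operate. The sample certificates and the example-iso.test hostnames are constructed placeholders, not certificates observed from any operator named above.

```python
"""Audit a web server's TLS certificate the way a browser would (added example)."""
import socket
import ssl
import sys
import time

# Constructed reference time for the worked samples: the article's posting date.
NOW_2021 = ssl.cert_time_to_seconds("May 21 00:00:00 2021 GMT")

# Constructed getpeercert()-style dictionaries. The hostnames are placeholders
# (example-iso.test) and are NOT certificates observed from any real operator.
SAMPLE_EXPIRED_CERT = {
    "subject": ((("commonName", "www.example-iso.test"),),),
    "subjectAltName": (("DNS", "www.example-iso.test"),),
    "notBefore": "Jan  1 00:00:00 2019 GMT",
    "notAfter": "Jan  1 00:00:00 2020 GMT",   # lapsed well before NOW_2021
}
SAMPLE_VALID_CERT = {
    "subject": ((("commonName", "example-iso.test"),),),
    "subjectAltName": (("DNS", "example-iso.test"), ("DNS", "*.example-iso.test")),
    "notBefore": "Jan  1 00:00:00 2021 GMT",
    "notAfter": "Jan  1 00:00:00 2023 GMT",
}

NEAR_EXPIRY_DAYS = 14  # warn early so a renewal never lapses into "Not Secure"


def hostname_matches(pattern, hostname):
    """RFC 6125-style name match: exact, or one wildcard as the leftmost label only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split(".")[1:], hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return False


def audit_cert(cert, hostname, now=None):
    """Return the list of reasons a browser would flag this certificate; [] if clean."""
    now = time.time() if now is None else now
    findings = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        findings.append("not yet valid (notBefore %s)" % cert["notBefore"])
    if now > not_after:
        findings.append("expired on %s" % cert["notAfter"])
    elif not_after - now < NEAR_EXPIRY_DAYS * 86400:
        findings.append("expires within %d days (%s)" % (NEAR_EXPIRY_DAYS, cert["notAfter"]))
    san_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not san_names:
        # Modern browsers ignore the CN; a certificate with no SAN matches nothing.
        findings.append("no subjectAltName DNS entries (CN alone is not trusted by browsers)")
    elif not any(hostname_matches(name, hostname) for name in san_names):
        findings.append("hostname %s not covered by SAN %s" % (hostname, san_names))
    return findings


def check_live_site(hostname, port=443, timeout=5.0):
    """Do a fully verified handshake to a host you operate and report what a browser would see."""
    ctx = ssl.create_default_context()            # system trust store, hostname checking on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse the obsolete TLS 1.0/1.1
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return audit_cert(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired, or name mismatch: exactly the "Not Secure" cases.
        return ["certificate rejected by trust store: %s" % exc.reason]
    except (ssl.SSLError, OSError) as exc:
        return ["TLS handshake failed: %s" % exc]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for host in sys.argv[1:]:
            print(host, check_live_site(host) or ["OK"])
    else:
        for label, cert in (("expired", SAMPLE_EXPIRED_CERT), ("valid", SAMPLE_VALID_CERT)):
            print(label, audit_cert(cert, "www.example-iso.test", now=NOW_2021) or ["OK"])
```

Run with no arguments to see the constructed samples audited; pass one or more of your own hostnames to run the live check. The offline `audit_cert` function is what you would schedule against an inventory of internet-facing hosts so that an expiring or mis-issued certificate is caught by you before it is caught by a browser warning.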

Given the research and findings, and the fact that the security ratings of all but one of these critical infrastructure organisations are sub-optimal, many with the identical F rating as this week's Colonial Pipeline breach, where that insecure posture has been shown to be the root cause of the initial targeting and cyberattack, we can only hypothesise how many of the above will fall foul of similar attacks and what disruption such attacks and subsequent outages might cause. One thing is for sure: ransomware attacks have become big business. Cyber gangs do not care how much disruption they cause; in fact the more the better, as it increases the likelihood of ransoms being paid more swiftly.

In conclusion, Colonial Pipeline, and every organisation, must take security seriously. That cannot be achieved simply by adding a cyber insurance policy, as the underwriters may deny any settlement if, as at Colonial, security negligence is shown and basic security was omitted. The picture above is unequivocally dire and demonstrates a total lack of basic security across this sample group.

If the same intelligence were discovered by cyber criminals, I would seriously suspect that attacks were potentially already in flight… Finally, when is NOW a good time to address security? No matter what has gone before, security is the responsibility of every company and every Board Member and Executive; the clock is ticking. Attacks on websites and servers are occurring at the rate of two hundred thousand a day.

Playing Russian roulette (no pun intended) should not be a game of choice…

Image credits: Andrew Jenkinson

Discussions
Bob Meinetz on May 22, 2021

Andy, the recent spate of ransomware attacks is all due to vulnerabilities in Microsoft Exchange Server. So the simple answer to your question is: use a different server.
