Suspicious Activity Detected On Burlington Electric Department Computer

Dec 30, 2016

Officials at the Burlington Electric Department discovered malware on a Burlington Electric laptop Friday that was identified as part of the Russian hacking offensive, utility officials confirmed Friday evening.

Update 1:20 p.m. Jan. 3, 2017: Neale Lunderville, the general manager of Burlington Electric, says that federal authorities have told the utility that it's unclear if the cyber threat even originated in Russia. More information is available in this follow-up story.

From original story, 10:06 p.m. Dec. 30, 2016: A statement from Burlington Electric spokesman Mike Kanarick said the malware was not on a computer connected to the sensitive software that controls the electrical grid.

Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks. We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.

The malicious code was reportedly associated with the Russian “Grizzly Steppe” operation, which government officials say is “an ongoing campaign of cyber-enabled operations directed at the U.S. Government and private sector entities.”

Public Service Commissioner Chris Recchia heads up the state department responsible for representing utility customers’ interests. He emphasized in an interview Friday evening that the hack never threatened the power grid.

“One computer in Burlington Electric Department did have malware on it that they discovered,” he said. “It is not at all related to the utility grid operations. This is just like anyone’s administrative computer that may have gotten a particular malware associated with it. But I think Burlington Electric did the responsible thing and called homeland security as well as the FBI to notify them. They have isolated that laptop, there’s no further compromise, and the utility grid was not in danger at any point.”

News of the hack comes a day after the Obama administration announced sanctions against Russia and expelled Russian diplomats in response to claims of that country’s interference in the U.S. presidential election.

Recchia said the hack is a reminder that cybersecurity needs to be a focus for utilities.

“I know that Vermont utilities have been taking cybersecurity issues very seriously and they continue to work on it,” he said. “It will be an evolving process, and of course if we’re dealing with another national government that’s doing this, the stakes are higher and we need federal partners to help on this stuff too.”

In a statement, Green Mountain Power spokeswoman Kristin Carlson said the state’s largest electric utility has done a thorough check of its computer systems and found no problems.

“GMP was also recently thoroughly reviewed for safety by the U.S. Department of Homeland Security,” she said in the statement. “The company will continue to rigorously monitor our system and remain vigilant.”

Update 10:58 p.m.: Gov. Peter Shumlin has released the following statement in response to Burlington Electric Department's discovery:

“We’ve been in touch with the federal government, state officials, and Vermont’s utilities on this matter. Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety. This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling. I call upon the federal government to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”

Update 7:51 a.m. Dec. 31, 2016: Sen. Patrick Leahy issued a statement Friday night, calling the hack "a direct threat to Vermont."

State-sponsored Russian hacking is a serious threat, and the attempts to penetrate the electric grid through a Vermont utility are the latest example. My staff and I were briefed by Vermont State Police Colonel Matthew Birmingham this evening. This is beyond hackers having electronic joy rides – this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter. That is a direct threat to Vermont and we do not take it lightly.

Update 1:20 p.m. Jan. 3, 2017: The headline of this post was updated to reflect the fact that officials do not know if Russian hackers were responsible for the issue reported to federal officials by Burlington Electric.