- Ohio-based LTI Power Systems was the victim of a ransomware data breach in which hackers accessed schematics and drawings related to Ameren Missouri operations at two power plants. Ameren told Utility Dive the stolen data was "not confidential information related to our critical or customer operations."
- The energy sector faces a growing cyber threat, increasingly in the form of ransomware attacks. In February, a ransomware attack shut down a U.S. natural gas compressor station for two days.
- A new report released Wednesday by cybersecurity firm Claroty suggests industrial networks may not be properly safeguarded, leaving critical infrastructure in the United States vulnerable to a cyberattack.
The attack on Ameren's supplier comes as many industries recognize a growing threat from ransomware, according to Claroty Chief Security Officer Dave Weinstein.
"We are indeed seeing a steady increase in ransomware attacks across almost all sectors," Weinstein told Utility Dive in an email. "Perhaps most notably, ransomware attacks are growing in their sophistication compared to one or two years ago."
The new brand of ransomware attacks are not fueled by commonly-available malware, "but rather purpose-built code that is uniquely paired to the target environment," Weinstein said. In particular, he said that means electric utilities "should be mindful that they constitute an attractive target to cyber extortionists seeking to hold critical lifeline services for ransom."
In Ameren's case, hackers stole information related to uninterruptible power supply equipment used to mitigate power outages. The utility said it has investigated the breach.
"As part of our procurement process, standard schematics or drawings may be shared with suppliers to support procurement of materials, but the documents in question do not contain any information that would put Ameren assets or customer data at risk to external threats," the utility said in a statement.
It is the second ransomware attack on the energy sector to make headlines in the last month. The U.S. Cybersecurity and Infrastructure Security Agency in February released information related to a natural gas compressor attack, noting that it caused a "loss of productivity and revenue."
According to Claroty's report, more than half of IT security professionals globally say today’s industrial networks are not properly safeguarded and critical infrastructure is vulnerable to a cyberattack.
The report finds 56% of experts say hacking will be the most prevalent type of threat this year, followed by ransomware (21%) and sabotage (12%). Claroty's survey further concluded "there is also a strong consensus among U.S. practitioners that electric power is the most vulnerable sector of critical infrastructure," followed by the oil and gas sector and then transportation.
Still, Weinstein said electric utilities have years of experience in protecting their assets, in part due to the prevalence of regulations and security standards. The North American Electric Reliability Corporation maintains Critical Infrastructure Protection standards, and is currently in the process of updating those requirements.
"Regulations have played a part in this maturity, but in most cases electric utilities treat cybersecurity as far more than a compliance requirement," Weinstein said. "The gas sector likewise prioritizes cybersecurity, but as a rule their networks can be a bit more challenged to protect."
The sector's focus on security may be one reason data breaches are evolving, according to Sameer Dixit, vice president of security consulting at Spirent, a telecommunications company that provides security solutions.
"Attackers are aware of the prevailing wisdom advising regular backups of critical applications and data, so they have started taking a different approach with a goal that is less about impacting the company immediately and more focused on stealing intellectual property that can be sold and used for larger attacks in the future," Dixit told Utility Dive.
Because data theft may not have an immediate impact, it can go undetected for months, said Dixit. "This means in addition to solid backups and recovery, companies need to turn to early detection," he said.