- ITC Holdings subsidiary ITC Transmission, NRG Energy subsidiary NRG Power Marketing, and Duke Energy have each reported suspected cyberattacks to the Energy Department in the last twelve months, suggesting a concern with utility and power systems’ vulnerability to hackers.
- Duke Energy concluded the October 2013 report was a false alarm but did find remnants of a virus and isolated the infected computers; ITC Transmission’s June 2013 report also turned out to be a false alarm; and NRG Power Marketing refused comment on its April 24 report.
- A specific group has been targeting electricity generation and transmission utilities and oil pipeline operators by hacking their industrial control systems, according to cybersecurity expert Symantec Corp.
The power system is a target of cyber-attacks because it is vital to so much other critical infrastructure and, according to analysts, the targets are accessible because the system was not designed to security standards but to be open and provide remote access to power suppliers and grid operators.
Utility computer operations are particularly vulnerable to hackers’ malware via the internet access necessary to control and manage transmission and distribution system operations, and at least one public utility’s operations were reportedly recently breached.
Utilities' control centers typically connect to their corporate business networks, making it possible for hackers to move malware from one to the other and, theoretically, from there into ratepayers' systems.