Malware found in Entergy's corporate network raises MISO alert
- Malware discovered on Entergy's corporate network has been removed, but the discovery compelled the regional grid operator to raise its own threat level in response to the news.
- Around noon on Tuesday, the Midcontinent ISO implemented a "System Status Level 2 ORANGE," explaining that Entergy "has been impacted by Malware," reducing the utility's connection to some MISO systems.
- Entergy said the malware had only impacted its corporate network and some employee devices, and was not connected to the utility's operational systems. While there was some impact on customers' ability to access their accounts, there was no chance that nuclear plants or Entergy's transmission network would have been impacted.
The malware has been eradicated and MISO has dropped its threat level back to 0, or Green, but the event is a reminder of threats the utility industry faces and demonstrates how seriously they are taken.
Entergy said there is no evidence customer data was compromised, though customers did experience slower network responses when logging into their account.
"The systems used to operate Entergy’s nuclear and other power plants, transmission and distribution systems are on separate networks, and are not impacted by this issue," the company said.
Despite that, MISO said the malware had led to "limiting access to their users which limits their ability to connect to some MISO systems. At this time MISO has full visibility and functionality. Entergy has no connection to Crow or MISO Citrix."
Entergy is currently investigating the incident.
Three years ago, a cyberattack on Ukraine resulted in widespread power outages. Since then, the power sector has been bolstering its defenses. Last year, more than 6,000 individuals participated in a simulated attack on the power grid in an exercise held once every two years by the North American Electric Reliability Corp.
The Electricity Information Sharing and Analysis Center, the group within NERC that held the GridEx attack simulation, has also been investing millions to upgrade its online systems where utilities can report threats. According to E&E News, E-ISAC will double its number of employees in the next five years.
Most utility executives in North America believe a cyberattack is likely in the next few years. According to a Utility Dive survey of utility professionals last year, cyber and physical grid security is now the most pressing issue facing the industry.
Follow Robert Walton on Twitter