Oklahoma Corporation Commission website remains down following cyberattack
- A cyberattack on the Oklahoma Corporation Commission last week led to the agency's servers being rebooted, including intentionally taking down the OCC's website, email systems and other functions.
- It appears the OCC website remains down this morning, a week after the attack was identified. The Associated Press reports field work will continue to be done and recorded manually, while digital reports and public comments will not be available.
- The utility industry has been working to rapidly improve cybersecurity, and next month the North American Electric Reliability Corp. (NERC) will host a two-day simulated attack called GridEx. The biennial event is aimed at assessing and improving the industry's response to a hacking incident.
The cyberattack's greatest impact was on OCC's information systems, but the full extent remains unknown. Work at the commission continues to be done manually, and digital reports will be entered into the system later.
Office of Management and Enterprise Services spokeswoman Shelley Zumwal told the Associated Press that no sensitive materials were compromised. But there is minimal information the agency can release, because the attack remains an ongoing investigation.
Commission spokesman Matt Skinner told the AP that despite the constraints, "we're still getting business done, but there are certain things we can't do without the system."
Cybersecurity has become a top concern in the last couple of years, particularly in the wake of a successful attack in 2015 in Ukraine, high-profile attacks on other sectors in the United States, and global bouts with ransomware.
A report from Accenture concluded almost 63% of utility executives globally believe their country faces at least a moderate risk of a cyberattack on the electric grid in the next five years. In North America, even more utility executives — 76% — see a cyberattack as likely in the next five years.
NERC officials planning for GridEx IV say the scenario they are most concerned with is a dual cyber-physical attack that could have serious impacts while stretching any response thin.
- US News & World Report Oklahoma's Public Utilities Commission detects cyberattack
Follow Robert Walton on Twitter