NEWS

Russian hackers strike Burlington Electric with malware

April McCullum
Free Press Staff Writer
Burlington Electric Department on Pine Street in Burlington pictured on Friday, December 30, 2016.

A Russian hacking group, suspected of trying to influence the U.S. presidential election, struck Burlington Electric, one of Vermont’s electrical utilities, according to the Department of Homeland Security.

Malware was found at the utility in a computer that was not connected to the operation of the grid, Vermont Public Service Commissioner Christopher Recchia said.

The utility found the cyber attack Friday on a laptop after the Obama administration released code associated with the group, dubbed Grizzly Steppe, on Thursday.

The aim of the release was to allow utilities, companies and organizations to search their computers for the digital signatures of the attack code, to see if they had been targeted.

Based on his knowledge, Recchia said Friday night he did not believe the electrical power grid was at risk from the incident. "The grid is not in danger," Recchia said. "The utility flagged it, saw it, notified appropriate parties and isolated that one laptop with that malware on it."

Gov. Peter Shumlin, Sen. Patrick Leahy and  Rep. Peter Welch issued statements Friday night expressing concern about the incident.

Shumlin said in a statement, "Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety."

Sanctions mark rare window into cyberwar

Mike Kanarick, spokesman for Burlington Electric Department, said in a statement: "We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding."

It is unclear if the penetration was an attempt to disrupt the utility or simply a test.

The utility is working with federal officials to trace the malware and prevent any other attempts to infiltrate utility systems, Kanarick said. It has also briefed state officials.

"As commissioner of public service we are very concerned about cybersecurity," Recchia said. "I've been working with homeland security and our department of emergency management, homeland security to make sure that we are on top of things like this because this is a real concern."

Other utilities in Vermont said that they had not been affected.

Shumlin called on the federal government for a "full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”

Statement from Burlington Electric Department: 

"Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks," said Mike Kanarick, spokesman for Burlington Electric Department. "We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully."

CORRECTION: An initial version of the story stated Russia penetrated the U.S. Grid. Recchia of the Public Service Board and Kanarick of Burlington Electric Department said the grid was not compromised.

Elizabeth Weise of USA Today contributed to this report.

This story was first posted on Dec. 30, 2016. Contact April McCullum at 802-660-1863 or aburbank@freepressmedia.com. Follow her on Twitter at @AprilBurbank