MISO Breach Latest in Hackers’ Effort to Reach Power Grid

Operating cost data from participants in a power network stretching from the Midwest to the Gulf Coast was compromised in a computer breach that highlighted the rising vulnerability of the U.S. electricity infrastructure.

Midcontinent Independent System Operator Inc. said it was notified June 26 that a computer server tied to its independent monitor was breached. The grids serving California, Texas, New York and New England, which use the same market monitor, weren’t affected because their data isn’t housed on the same server, according to an e-mail MISO sent to market participants.

Utilities have stepped up their information security efforts as new sources of power have made grids more vulnerable by adding potential entrances for hackers. This week it was disclosed that intruders known as “Dragonfly” and “Energetic Bear” gained access to U.S. and European power networks in the past 15 months.

“These attacks over the past three to five years have increased in level and intensity from the information I’ve seen,” Jon B. Wellinghoff, a San Francisco attorney who served as chairman of the Federal Energy Regulatory Commission from 2009-2013, said in a telephone interview after the alert was issued.

President Barack Obama signed an executive order in February calling for work to assess which parts of the grid are most at risk.

Taking Precautions

MISO, based in Carmel, Indiana, said it reported the intrusion to FERC and began investigating. In separate statements, the Electric Reliability Council of Texas Inc. and ISO New England Inc. said they still took precautions to protect their systems.

There was no disruption of U.S. power supplies or the markets from the breach, which MISO was alerted to by market monitor Potomac Economics, John Goode, MISO chief information officer, said in a conference call with reporters.

MISO severed its computer connection to Potomac’s systems as a precaution after it was notified of the breach. While the perpetrator could have seen the market data on the affected server, there is no indication that happened, Goode said. MISO advised market participants to update passwords.

Potomac Economics President David Patton didn’t immediately respond to an e-mail requesting comment. A message on the firm’s website today said the site was temporarily unavailable while maintenance was being performed.

While hackers have taken down U.S. utility websites with denial-of-service attacks and jeopardized customer files, “to my knowledge, there has not been a successful attack in the U.S. that has disrupted power,” Scott Aaronson, senior director for national security policy at the Edison Electric Institute, a trade group, said in a June 30 telephone interview.

Hackers will keep trying, Emile Trombetti, a Linthicum, Maryland-based senior vice president and cybersecurity expert at Booz Allen Hamilton (BAH), said today in a telephone interview.

“As long as there is a computer, there will be a vulnerability,” Trombetti said.

To contact the reporter on this story: Harry R. Weber in Houston at hweber14@bloomberg.net

To contact the editors responsible for this story: David Marino at dmarino4@bloomberg.net Richard Stubbe, Bill Banker

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.