Updated at 4:35 p.m.
The Burlington Electric Department discovered suspected Russian malware code on one of its laptops Friday, the municipal utility confirmed late that night.
According to BED spokesman Mike Kanarick, the code is associated with a Russian hacking campaign known by the federal government as Grizzly Steppe. Kanarick said in a written statement Friday that the laptop was “not connected to our organization’s grid systems.”
“We took immediate action to isolate the laptop and alerted federal officials of this finding,” he said. “Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems.”
BED issued a second statement Saturday afternoon saying that there was “no indication that either our electric grid or customer information has been compromised.” It said that similar malware had been discovered elsewhere in the country and was “not unique to Burlington Electric.”
“Media reports stating that Burlington Electric was hacked or that the electric grid was breached are false,” the utility said in the second statement.
BED first disclosed the breach shortly after the Washington Post reported late Friday that an unnamed Vermont utility had discovered malware in its systems. That report, which was later updated to identify BED, was sourced to unnamed federal officials.
In the Saturday statement, BED appeared to slam the Washington Post and its sources for spreading what it called erroneous information.
“It’s unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country,” the utility said.
The code was discovered after the Department of Homeland Security ordered the nation’s utilities late Thursday to scan their systems for traces of the Grizzly Steppe campaign. Green Mountain Power, Vermont’s largest electrical utility, conducted a similar scan and “found no security concerns,” spokeswoman Kristin Carlson said in a statement.
In interviews with multiple media outlets, Vermont Department of Public Service Commissioner Chris Recchia downplayed the immediate impact of the breach, but the state’s political leadership seized on the report to assail Russian President Vladimir Putin.
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality of life, economy, health and safety,” Gov. Peter Shumlin said in a statement late Friday night.
Shumlin called on the federal government to “conduct a full and complete investigation” in order to “put an end to this sort of meddling.”
The incident came during a period of heightened tension between the United States and Russia. On Thursday, the U.S. expelled 35 Russian officials from the country in retaliation for alleged Russian interference in November’s presidential election.
In his own statement, Sen. Patrick Leahy (D-Vt.) called “state-sponsored Russian hacking” a “serious threat” — and the BED incident “the latest example.”
“This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said. “That is a direct threat to Vermont and we do not take it lightly.”
Said Congressman Peter Welch (D-Vt.), “This attack shows how rampant Russian hacking is. It’s systemic, relentless, predatory. They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.”
Got something to say?
Send a letter to the editor and we'll publish your feedback in print!
What’s truly amazing is how the political right is now circling the wagons around their good buddy Putin. My god its was just last year anyone disagreeing with the political right or lets say Bernie Sanders was called a Communist. The pivot to rally around Russia must have damaged their spinal chord.
I wonder if they hacked VT Health Connect too.
“I wonder if they hacked VT Health Connect too.”
Why would they do that? To find out what NOT to do when creating a software program? To find out how to waste hundreds of millions of dollars for a program to serve maybe 30,000 people?
I was thinking that Shummy could have used that as an excuse.
Maybe the non working Vermont Heath Connect was deliberate? Hell you can file a flight plan in mid Africa to Asia without any problem — I always wondered if it were the monkey’s who did not want it to work. I’m sure theirs evidence out there — its just too weak, and way too politically connected.
Am I seeing this correctly? Are we blaming Russian hackers for Vermont Health Connect?
Maybe I should have used the sarcasm font.
Let’s see the evidence that: 1. The malware was targeted at Burlington Electric, rather than one of those viri we pick up whenever we do something stupid on the Internet; 2. That it came from the Russian gov’t, as opposed to criminal elements, organized or not, in Russia or elsewhere.
Grizzly Steppes is a term made up by the U.S. Government. It may be defining a real Russian plot, or some 30 year old living in his parents’ basement, or anywhere in between. Anyone who claims to know othewise, please show us your evidence.