The recent ransomware attack on Colonial Pipeline that shut down gasoline deliveries to much of the eastern United States hasn’t gone unnoticed in Mississippi.
The Mississippi Public Service Commission and Entergy, which serves most of the Jackson metro area and southwest Mississippi, are taking steps to ensure that a similar attack doesn’t happen to them.
The risk of doing nothing is extremely high. If the state’s utilities were compromised in a similar fashion, widespread power outages could take place statewide.
The cyber attack involved ransomware, which is a form of malware that hackers use to lock up the data from a targeted company or individual in an encrypted container. The hackers then threaten to release it to the public (if it is compromising) or keep the victimized company or individual from accessing it without a ransom.
This is paid in untraceable crypto currency which often allows the criminals to escape unharmed.
Colonial Pipeline CEO Joseph Blount told the Wall Street Journal that he authorized a $4.4 million ransom payment to the hackers for the software decryption key that would decode the data in their network.
With the state’s utilities being subsidiaries of deep-pocketed parent companies, they could represent a large target for cyber-criminals.
Mississippi Power’s parent firm the Southern Company had $756 million in total earnings from its electric operating companies in the first quarter of 2021, while Energy had revenues of $335 million during the same period.
Entergy has already been a victim of a cyber attack in February 2018, but the company was able to limit its effects to the internal IT network and some employee computers while preventing its spread to the OT system that controls Entergy’s grid.
“When an event like this happens, we are able to learn, strengthen and build an even more resilient barrier to these types of cyber incidents,” said Entergy spokesman Neal Kirby. “Further, existing safeguards helped limit the impact of this incident and we continue to learn and buttress our protections for this type of incident. There have been no cyber events at Entergy since that 2018 event.”
Kirby also said the company didn’t think the 2018 event was specifically targeted at Entergy or its subsidiaries, didn’t involve ransomware and said also that the company didn’t think the 2018 incident was related to the one that affected Colonial Pipeline.
Public Service Commissioner Brent Bailey represents the Central District on the three-member PSC. He told the Northside Sun that the commissioners are considering adding an inquiry to the utilities they regulate as part of their annual utility infrastructure review.
“But our oversight is limited and I certainly do not want to create an additional, duplicative regulatory burden on the various system operators,” Bailey said. “It is my hope that operators of critical infrastructure step up, review their information technology/operational technology architecture and implement protections to avoid cyber threats and attacks.”
IT is informational based, while operational technology covers controls of vital systems and processes.
The non-profit North American Electric Reliability Corporation, which develops industry standards to ensure the reliability and adequacy of bulk transmission systems, has issued guidance for utilities to avoid and report crippling cyber attacks to federal regulators and other utilities. These standards have been approved by the Federal Energy Regulatory Commission, known as FERC.
The Colonial Pipeline attack was discovered on May 7 about 5:30 a.m. and it took the company an hour to shut down the pipeline to prevent the infection from migrating from its IT system to its OT system, which manages 260 delivery points in 13 states and the District of Columbia.
The pipeline is responsible for 45 percent of the gasoline consumed on the East Coast and the shutdown led to price hikes, empty stations and gasoline hoarding in affected states.
