* Schneider subsidiary Telvent warns of attack
* Telvent says law enforcement also investigating breach
* NERC plans to advise power companies on breach impact
By Jim Finkle
BOSTON, Sept 27 - An organization that regulates
U.S. electric utilities is looking into a security breach at a
Calgary, Alberta-based maker of software that big energy
companies use to manage production and distribution of
electricity.
Calgary-based Telvent, which is owned by France's Schneider
Electric SA, quietly warned customers about the
sophisticated attack, which affected its operations in the
United States, Canada and Spain, the cyber security news site
KrebsOnSecurity.com reported on Wednesday.
It is the latest in a string of breaches targeting the
energy sector. Dell's SecureWorks security division
last week disclosed that it had uncovered an unrelated operation
in China targeting energy companies. Symantec Corp and
Intel Corp's McAfee security unit have also discovered
similar campaigns originating in China.
It was not immediately clear who was behind the attack or
how Telvent's customers had been affected by the breach. Telvent
declined to discuss the status of the investigation.
"Telvent is aware of a security breach of its corporate
network that has affected some customer files," said company
spokesman Martin Hanna. "Customers have been informed and are
taking recommended actions, with the support of Telvent teams."
He said that Telvent was actively working "to ensure the
breach has been contained," but declined to elaborate.
A Canadian government spokesman was not immediately
available for comment.
Tim Roxey, chief cyber security officer at the North
American Electric Reliability Corp, said in a statement Thursday
that his group was "gathering more information to advise
industry" about potential fallout from a security breach at
Telvent.
INCREASING RISKS
Joe Weiss, a consultant who advises utilities on protecting
their networks from cyber attacks, told Reuters that most power
industry breaches do not get publicly reported.
"There have been more than a few vendors that have had their
connections hacked from where they are supporting their
customers," he told Reuters. He declined to identify the
companies or elaborate on the attacks.
Hackers have yet to be fingered as the culprits behind any
major electricity outage. Yet experts have warned that the risk
of a large-scale attack has risen in recent years as operators
installed new technologies that make it easier for them to
remotely monitor and direct electricity across the power grid.
KrebsOnSecurity reported that Telvent said in a letter to
customers that hackers had infected its network with malicious
software and stolen project files related to a product known as
OASyS SCADA.
OASyS SCADA software helps utilities monitor and access
computers and other devices across their large networks,
according to Telvent's website.
The customer letter said that the company had disconnected
some data links to customers while it investigated the breach,
according to KrebsOnSecurity.
NERC said in its statement that there was no evidence that
the breach at Telvent had "impacted the bulk power system," but
advised utilities to restrict and monitor remote access to their
networks.
FBI officials did not respond to a request for comment. A
U.S. Department of Homeland Security spokesman declined comment.