That the Chinese Volt Typhoon hackers remained undetected for more than 300 days inside a small public utility's network is concerning both because of the length of time they spent within the electric grid and because it reinforces the broader risks posed to larger, more complex critical infrastructure networks.
LELWD embarked on its cybersecurity journey with Dragos through a government-funded initiative by the American Public Power Association (APPA). APPA utilizes these funds to bolster OT cybersecurity at public power utilities. By forming cooperative agreements, APPA members gain access to a variety of programs and resources, including the deployment of advanced monitoring technologies like the Dragos Platform.
To date, APPA has distributed over US$14 million to 32 utilities, supporting 78 cybersecurity projects. This highlights the critical need for selecting not just a security vendor but a genuine partner in OT cybersecurity.
Littleton sits within the NEMA load zone, the highest load center in New England.
"I wouldn't say anything related to our substation or our engineering was compromised," he said. "They did access our servers. They knew where those vulnerable firewalls were, and they tried to get behind them. I still don't know why Littleton other than we had a hole and they found it."
This is the first successful case I've read about of the Dragos Neighborhood Watch program being used within the electric industry. Congratulations to Dragos and LELWD for finding and fixing the issue. I do wish the released report contained more details about how the attack occurred, for example, which attack path was used to successfully breach the network: 1. People, 2. Software, 3. Supply Chain?