The Department of Homeland Security announced in an alert on Oct. 29 that several industrial control systems -- vendor-issued programs used by private companies to manage internal systems -- had been infected by a variant of a Trojan horse malware program called BlackEnergy. The Pittsburgh Post-Gazette reported the threat based on DHS's cyberthreat alert.
BlackEnergy is malware designed to target critical energy infrastructure and is believed to have originated with Russian government-sponsored hackers. BlackEnergy was first identified several years ago. Initially, BlackEnergy's custom plugins were used for launching distributed denial-of-service (DDoS) attacks, according to Security Week.
The variant infected programs such as GE Cimplicity, Siemens WinCC and Advantech/Broadwin WebAccess that have been used by companies responsible for portions of the country’s critical infrastructure, including “water, energy, property management and industrial control systems vendors,” according to DHS.
Utilities are aware of the threat. Duquesne Light knew about BlackEnergy more than three weeks ago, according to spokesman Brian Knavish, and has since performed a "targeted analysis" to determine if it has been impacted. The company concluded it wasn't. BlackEnergy is a "credible threat," Knavish said, but "there are a lot of these and some of them get more attention than others."
BlackEnergy is one of many threats and vulnerabilities monitored by Edison Electric Institute on a regular basis. Some are identified by government agencies, some by companies, and others by researchers, EEI said. The Pittsburgh Post-Gazette reported that EEI, which is central to the information exchange between the groups, has been aware of BlackEnergy for about a month.
There has never been a cyberattack in the U.S. that has affected the distribution of power, according to EEI, but there are cyberattacks all the time that successfully target the industry's business units.