Webinar outlines risks utilities face, how to protect against attacks

Customers were able to learn more about Heartland’s cybersecurity program at a recent webinar hosted by Helix Security. Vice President of Business Development Rick Olivier talked about the different cyber threats utilities face and how to protect against cyber-attacks.

“Utilities possess a variety of information worth protecting, including customer personal information, bank account information and employee information,” said Olivier. “Our program helps municipalities understand where their cybersecurity risks are and put a plan in place for protecting sensitive information.”

There are a variety of different methods cyber thieves can use to obtain valuable data. The city of Hecla, SD recently learned first-hand how damaging a cyber-attack can be when they were the victims of ransomware, a type of malware that prevents or limits users from accessing their system until a ransom is paid to the cybercriminal.

Assistant Finance Officer Jessica Casey said she was waiting for a certain invoice to come in via e-mail. As she was looking through her email, she saw one that said “Invoice Attached” and clicked on it. Once she opened the attachment, a ransom virus was released which spread to their file server, locking them out of all their files.

“Normally I’m pretty careful about what I open, but it was hectic in the office that day, I was distracted, and without thinking, I clicked on it,” said Casey.

She immediately contacted their IT company. The issuers of the virus were requesting a ransom to be paid via Bitcoin. They learned it would take about a week to set that up and would have ended up paying $1,500 to $2,000 to get access to their files.

Luckily for the city of Hecla, they had an off-site backup. Their IT company was able to wipe their hard drive clean and reinstall their files. The only downside was their utility billing and accounting program had stopped backing up three months prior, so they had to rebuild those files from scratch.

“It could have been much worse,” said Casey. “Three months of data took some time to re-do, but had it been a year or more, it would have been nearly impossible. We were lucky to have the backups in place.”

Heartland chose to partner with Helix because cybersecurity is a growing concern and finding affordable and knowledgeable resources in this area can be a challenge. Helix can help utilities develop an information security program to help prevent occurrences like this.

“Hecla is the smallest customer Heartland serves in terms of population,” said Heartland Communications Manager Ann Hyland. “I think the situation they experienced proves that attackers will go after anyone, making it vital for all of our customers to ensure they are protected. Anyone with a computer, internet or email is at risk.”

Heartland currently has two customers committed to participating in the cybersecurity program and several more requested information after the webinar.

Helix provides services in five phases. The program is flexible in that once a utility completes one phase, they can either choose to move on to the next phase, or, if they feel comfortable with their results, they can stop there. They can also repeat the same phase multiple times if they feel that is the best option.

Phase 1 includes identifying all the technology and information assets on a utility’s network and on the internet, identifying vulnerabilities in those assets, assessing risk for each asset to better understand how to manage it and finally, Helix will help the utility set risk management goals based on the assessment.

Anyone interested in getting started can contact Helix Security or Heartland Communications Manager Ann Hyland. Pricing varies based on the number of meters of your municipality. Heartland will pay half the cost of each phase, not to exceed $5,000 per phase, per customer.