The cyber attack on the Colonial Pipeline earlier this year, which shut down the pipeline for several days, demonstrated the danger of public utilities being the target of ransomware. According to cyber security experts, public utilities are increasingly being attacked by groups looking to hold their data ransom or get access to other information.

According to Joe Howland, chief information security officer for VC3, a company that provides IT services to local governments, “The more critical the service an attacker can compromise, the more likely they are to get paid — and the higher the ransom they can demand. Simple economics.”

Cullman County Water Department Director Randall Waldrep said a cyber attack on the utility is a concern. “It could be devastating if it happens,” he said.

He said the system, which is the third-largest rural water system in Alabama, is protected with passwords and monitoring that lets him know anytime someone logs in. He said they’ve had one incident over a year ago where someone tried and failed to log in to the system.

“We’ve got things in place to try to make sure it doesn’t happen,” he said. 

Cullman Electric Cooperative is also a potential target for cyber criminals. “All together, we are averaging over three million blocked items per month,” said Brian Lacy, communications manager. “The vast majority of them are not attacks on us as a specific company. They are hackers doing broad searches to see what is vulnerable.”

He said there are layers of protection in place, and in addition, “Our employees participate in regular cyber security training in order to recognize potential threats, especially with phishing emails, but also with protecting co-op equipment and information if an employee has to use a public network outside the office.

According to StateScoop, which tracks ransomware attacks, two-thirds of the publicly-known attacks in 2019 were on local or state governments. Howland said the success of attacks on utilities breeds other attacks.

“Previously, a belief existed that critical infrastructure was buttoned up tight and therefore would be a hard target,” he said. “However, once one organization was breached, it became obvious that critical infrastructure has holes just like everyone else.”

Howland said governments need to assume that at some point they will be compromised. “We must assume every organization will get breached at some point. The sooner we detect and respond to threats, the less damage will be done. We can no longer rely on keeping cyberattackers out,” he said.

In addition to preventative measures, he said they need to employ detection tools to alert them to a cyber intruder and train employees on incident response plans.