Details: The National Council of ISACs shared information regarding the Department of Justice’s updated policy for using Unmanned Aircraft Systems (UAS), which was released in November of 2019. 

On November 27, 2019, DOJ published an updated copy of its Policy on the Use of UAS [hXXps://www.justice.gov/jm/9-95000-unmanned-aircraft-systems-uas]. They noted that: 

“In light of advancements in unmanned aircraft system (UAS) technology, and lessons learned from the Federal Bureau of Investigation’s limited use of UAS, the Policy enables the Department of Justice’s law enforcement components to safely and responsibly employ UAS technology within a framework designed to provide accountability and protect privacy and civil liberties. . . The Policy permits the use of UAS only in connection with properly authorized investigations and activities.  It also requires compliance with the Constitution and all applicable laws and regulations, including regulations issued by the Federal Aviation Administration.” 

E-ISAC Analyst Comment: It is useful to maintain awareness of government policy on the use of UAS, both to inform knowledge of the risks associated with them and to ensure that your organization is able to make informed decisions when using UAS.

Recommendation: The E-ISAC recommends members review the updated policy for awareness. 

The E-ISAC is providing this bulletin for situational awareness. If further information becomes available, it will be added as an update to this post.

According to Threatpost, Mozilla released the Firefox 72 browser on January 7, 2020. The update included fixes for five high-severity, four moderate and one low-risk flaw. The update also blocks some third-party fingerprinting of users across different websites.

Some of the flaws addressed are:

  • CVE-2019-17015
  • CVE-2019-17017
  • CVE-2019-17025

"Mozilla did not indicate if any of these bugs have been exploited in the wild."

Reference:

hXXps://threatpost.com/mozilla-releases-firefox-72/151636/

 

Details: Recent open source articles have noted a few incidents resulting in power outages in Zimbabwe, Bangladesh, and Venezuela. While these are international incidents, they are of interest because the tactics could be an inspiration to those who wish to sabotage the electric grid in North America, and because they are a reminder of the damage that can be done.

 

Bangladesh: In an apparent sabotage effort, nine electric meters caught on fire in four separate locations in Bagerhat. All fires occurred simultaneously after midnight within a quarter of a kilometer from each other. The fire was not due to any short circuit or fault.

 

Source: hXXps://unb.com.bd/category/Bangladesh/electric-metres-gutted-in-series-of-fires-sabotage-suspected/35264

 

Zimbabwe: Transformer vandalism and theft have resulted in power outages over the past week, particularly in Marlborough. Residents have noted that the outages have affected business and caused a lack of water, reduced ability to use facilities, and other health hazards. The Zimbabwe Electricity Supply Authority (ZESA) noted that it takes about five months to replace transformers due to lack of funds. Over 2,200 transformers have been stolen across the country.

 

Source: hXXps://www.zbc.co.zw/vandalism-and-thefts-worsen-power-outages-zesa/

 

Venezuela: Most of the country faced an approximately 7-hour blackout starting on November 29, affecting 23 of 24 states. The power company, Corpoelec, claimed that there was sabotage at a hydroelectric plant that caused the blackout, though additional details have not been released.

 

Source: hXXps://stockdailydish.com/blackout-hits-most-of-venezuela-as-president-maduro-blames-sabotage-at-power-plant/

 

E-ISAC Analyst Note: While these incidents did not take place in North America and the E-ISAC has not seen any evidence that they will spark actions in North America, it is important to maintain awareness of incidents such as these, as they emphasize the impact of vandalizing electricity-related infrastructure.

 

If further information becomes available, it will be added as an update to this post.

According to multiple open source websites, the country of Georgia was hit with a cyber-attack that knocked out thousands of websites, as well as a national television station.

Court websites containing case materials and personal data have also been attacked, as well as the presidential website. The origin of the attack, and who was behind it, are not yet known.

At present, the energy sector infrastructure has not been targeted; however, the E-ISAC will continue to monitor for additional developments and provide updates when necessary.

August 19, 2019: According to Mexico News Daily, there have been over 61,000 vandalism incidents so far in 2019 in Mexico that have triggered electricity outages. The outages have occurred in Sinaloa, Tamaulipas, Michoacán, Sonora, Hidalgo, Chihuahua, México state, Tabasco and Baja California. This number is higher than the combined outages in the same time period for both 2017 and 2018. The article also noted that the Federal Electricity Commission (CFE) increased land and air patrol areas by 60% last year in response to the increased vandalism.

 

Source: hXXps://mexiconewsdaily.com/news/vandalism-triggered-power-outages/

On August 4, 2019, news sources reported that one individual died and another is in critical condition due to a copper theft attempt at a radio transmitter site in Oklahoma.

The Tulsa County Sheriff’s office reported that they were called to the KRMG AM Transmitter Site in Oklahoma the morning of August 4. They found two individuals who appeared to have been electrocuted while attempting to access the building through a conduit. Based on the tools and materials discovered at the site, the sheriff’s office believes they were attempting to steal copper. One of the individuals died, and the other is in critical condition.

Source: hXXps://www.krmg.com/news/local/dead-critical-condition-after-incident-krmg-sand-springs-transmitter-site/95HVjg1jXEWpEzjUKGmDEM/

E-ISAC Analyst Comment: While this is not a member site or related to the electricity industry, it is a good example of how dangerous copper theft can be – not only when stealing the copper itself, but even in accessing sites that contain copper. It is essential to increase awareness of the dangers of copper theft to assist in prevention and mitigation. A few suggested prevention tips provided by members include:

  • Create local groups to address copper theft, such as a coalition to increase public awareness and/or community watches to keep an eye on nearby facilities.
  • Discuss and develop alert or reporting systems to make it easier for residents to report suspicious activity.
  • Increase community awareness by issuing informational brochures and alerts on copper theft.
  • Advocate for stricter laws when dealing with copper theft, such as charging thieves with endangering life to increase penalties, thereby deterring future thefts.

For additional copper theft prevention best practices, please reference the TLP:White Copper Theft Prevention White Paper here [hXXps://www.eisac.com/portal-home/document-detail?id=119770] (119770) developed by the E-ISAC Physical Security Analysis Team in coordination with the Physical Security Advisory Group. This paper aims to provide copper theft prevention best practices and lessons learned that asset owners and operators have implemented successfully in North America.

Recommendation: Be vigilant about suspicious behavior in your area. Please continue sharing this type of activity with the E-ISAC and law enforcement. 

The E-ISAC is providing this bulletin for situational awareness. If further information becomes available, it will be added as an update to this post.

According to The Telegraph, leaked information from Huawei staff's CVs showed some employees had links to China's Military and Intelligence Community. The article details that some employees trained at China's military academy, served as agents of the Ministry of State Security and collaborated with the Chinese People's Liberation Army.

hXXps://www.telegraph.co.uk/news/2019/07/05/huawei-staff-cvs-reveal-alleged-links-chinese-intelligence-agencies/

As many of you are aware, a significant power outage occurred in South America Sunday, impacting all of Argentina and Uruguay, as well as portions of southern Brazil, Chile, and Paraguay.

Below is an official statement from the Department of Energy:

At this time, the cause of the outage remains under investigation. It appears that the outage occurred following the failure of two 500 kV transmission lines.

The Argentine Minister of Energy has stated that they are looking into every possibility but noted that "[w]e don't believe it was a cyber attack."

We will continue to monitor the situation and will provide additional information if there are any updates.

 

Yemen Houthi rebels have recently claimed responsibility for two drone strikes in Saudi Arabia targeting oil pumping stations and resulting in the temporary shutdown of a major pipeline in the kingdom. It is believed that these attacks were sponsored by Iran, and the rebels claimed that the drone attacks were part of a coordinated attack which included other energy infrastructure. The rebels said the attacks were a response to “the crimes they are committing every day against the Yemeni people.”[i] Although the damage was minimal, the attack demonstrated not just the ownership and usage of armed drones, but the capability to use global positioning satellite technology to target infrastructure. The attack came only a day after four oil tankers were sabotaged near the coast of the United Arab Emirates, two of which appear to also belong to Saudi Arabia, which has led to speculation that the attacks may be connected.

It is important for the electric industry to be aware of attacks such as these as a sign of the increasing threat posed by and weaponization of unmanned aircraft systems (UAS), as well as tactics, techniques, and procedures that are beginning to become more prevalent worldwide.

Below please find some articles related to both incidents for your convenience:

  • Two Saudi Oil Tankers Sabotaged as Tensions Increase in the Gulf [hXXps://www.usnews.com/news/world-report/articles/2019-05-13/two-saudi-oil-tankers-sabotaged-as-tensions-increase-in-the-gulf]
  • Houthi drone attacks in Saudi ‘show new level of sophistication’ [hXXps://www.aljazeera.com/news/2019/05/houthi-drone-attacks-saudi-show-level-sophistication-190515055550113.html]
  • Yemeni Armed Drones Attack Saudi Oil Pipeline [hXXps://www.usnews.com/news/world-report/articles/2019-05-14/yemeni-armed-drones-attack-saudi-oil-pipeline]
  • Saudi Arabia says oil infrastructure attacked by drones [hXXps://www.trtworld.com/middle-east/saudi-arabia-says-oil-infrastructure-attacked-by-drones-26638]

 

A potentially wormable, critical remote code execution vulnerability exists in Microsoft's Remote Desktop Services. This is documented in CVE-2019-0708. Microsoft has provided a patch to mitigate this; however, it is noteworthy that they have also provided a patch for older, unsupported operating system versions due to the severity of the vulnerability.

The vulnerability could potentially allow an unauthenticated attacker to execute arbitrary code on the target system with full administrative rights. 

Because this vulnerability could allow wormable execution with no user interaction, the E-ISAC recommends researching the CVE and ensuring that any vulnerable systems in member environments are patched expeditiously.