Announcements

According to The Telegraph, leaked information from Huawei staff's CVs showed some employees had links to China's Military and Intelligence Community. The article details that some employees trained at China's military academy, served as agents of the Ministry of State Security and collaborated with the Chinese People's Liberation Army.

hXXps://www.telegraph.co.uk/news/2019/07/05/huawei-staff-cvs-reveal-alleged-links-chinese-intelligence-agencies/

As many of you are aware, a significant power outage occurred in South America Sunday, impacting all of Argentina and Uruguay, as well as portions of southern Brazil, Chile, and Paraguay.

Below is an official statement from the Department of Energy:

At this time, the cause of the outage remains under investigation. It appears that the outage occurred following the failure of two 500 kV transmission lines.

The Argentine Minister of Energy has stated that they are looking into every possibility but noted that "[w]e don't believe it was a cyber attack."

We will continue to monitor the situation and will provide additional information if there are any updates.

Yemen Houthi rebels have recently claimed responsibility for two drone strikes in Saudi Arabia targeting oil pumping stations and resulting in the temporary shutdown of a major pipeline in the kingdom. It is believed that these attacks were sponsored by Iran, and the rebels claimed that the drone attacks were part of a coordinated attack which included other energy infrastructure. The rebels said the attacks was a response to “the crimes they are committing every day against the Yemeni people.”[i] [file://wdcevfs1/users$/meredithj/Documents/Portal%20Posts/TLP%20GREEN%20E-ISAC_May%2015%20Drone%20Attack%20Article_v2.docx#_edn1] Although the damage was minimal, the attack demonstrated not just the ownership and usage of armed drones, but the capability to use global positioning satellite technology to target infrastructure. The attack came only a day after four oil tankers were sabotaged near the coast of the United Arab Emirates, two of which appear to also belong to Saudi Arabia, which has led to speculation that the attacks may be connected.

It is important for the electric industry to be aware of attacks such as these as a sign of the increasing threat posed by and weaponization of unmanned aircraft systems (UAS), as well as tactics, techniques, and procedures that are beginning to become more prevalent worldwide.

Below please find some articles related to both incidents for your convenience:

·        Two Saudi Oil Tankers Sabotaged as Tensions Increase in the Gulf [hXXps://www.usnews.com/news/world-report/articles/2019-05-13/two-saudi-oil-tankers-sabotaged-as-tensions-increase-in-the-gulf]

·        Houthi drone attacks in Saudi ‘show new level of sophistication’ [hXXps://www.aljazeera.com/news/2019/05/houthi-drone-attacks-saudi-show-level-sophistication-190515055550113.html]

·        Yemeni Armed Drones Attack Saudi Oil Pipeline [hXXps://www.usnews.com/news/world-report/articles/2019-05-14/yemeni-armed-drones-attack-saudi-oil-pipeline]

·        Saudi Arabia says oil infrastructure attacked by drones [hXXps://www.trtworld.com/middle-east/saudi-arabia-says-oil-infrastructure-attacked-by-drones-26638]

A potentially wormable, critical remote code execution vulnerability exists in Microsoft's Remote Desktop Services. This is documented in CVE-2019-0708. Microsoft has provided a patch to mitigate this, however it is noteworthy that they have also provided a patch for older, unsupported operating system versions due to the severity of the vulnerability.

The vulnerability could potentially allow an unauthenticated attacker to execute arbitrary code on the target system with full administrative rights. 

Due to the fact that this vulnerability could allow wormable execution with no user interaction, the E-ISAC recommends researching the CVE and ensuring that any vulnerable systems in member environments are patched expeditiously.

The Department of Homeland Security has developed a fact sheet entitled “Countering Unmanned Aircraft Systems Legal Authorities” designed to assist in implementing the Preventing Emerging Threats Act of 2018. The fact sheet highlights how DHS will implement the act appropriately to counter UAS that may present a threat, including information such as defense techniques, authorized locations, privacy considerations, and next steps. We have attached the factsheet for members’ continued awareness of UAS and Counter UAS activities.

On May 9^th, threat-research company Advanced Intelligence, LLC, published a report [hXXps://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies] on threat actors “Fxmsp,” who claim to have breached three leading antivirus companies. According to the article, on April 24^th Fxmsp extracted source code from antivirus software, artificial intelligence, and security plugins from those three companies. Fxmsp offered screenshots of the companies’ folders (30 TB), which appeared to contain information about their development documentation, artificial intelligence model, web security software, and antivirus software base code.

The article states that Fxmsp’s known TTPs include accessing network environments via remote desktop protocol servers and exposed Active Directory. The E-ISAC is unaware of matching activity found in the electricity sector.

More information can be found here [hXXps://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/].

The E-ISAC is performing maintenance on the Portal email notification process.

During this time, no Portal account user will receive notifications via email.

Please check the Portal for new postings. Maintenance is expected to be completed within the next three business days.

Email notifications will resume once maintenance has concluded. No action is required on your part.

We apologize for the inconvenience, please contact E-ISAC Operations at 202-790-6000 if you need assistance or have any further questions.

This article, written by researcher Brian Krebs, describes critical security flaws that can expose security cameras and internet-capable consumer electronic devices to eavesdropping, credential theft, and remote compromise. The flaws include a weakness in peer-to-peer (P2P) communications technology and several other critical vulnerabilities. 

The flawed software was developed by China-based Shenzhen Yunni Technology and is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. These types of devices are attractive to consumers because of their easy-access remote-access capabilities and ease of installation. This kind of ease of use and convenience can sometimes cost consumers in security and privacy; this article describes these in great detail.

NERC’s President and Chief Executive Officer Jim Robb stresses the importance of participation in NERC’s grid security exercise, GridEx, in a recent GridEx video. The exercise, held every two years, continues to be a vital part of improving cyber and physical security preparedness to protect the bulk power system across North America. The exercise is scheduled for Nov. 13–14. 

View the GridEx video here [hXXps://vimeopro.com/nerclearning/gridex/video/322825228].

Additional information on GridEx V is located here [hXXps://www.nerc.com/pa/CI/CIPOutreach/Pages/GridEx.aspx].

E-ISAC was provided the attached documents directed to the Dam sector:

Attachment 1: Official CISA/FERC Correspondence 
Attachment 2: Dams Sector Cybersecurity Capability Maturity Model (C2M2)
Attachment 3: Dams Sector C2M2 Implementation Guide