Skip to main content
close search
site logo
Dive Brief

Texas PUC website 'defaced' in low-level attack as state inks new cybersecurity contract

Published Jan. 31, 2020
Robert Walton's headshot
Senior Reporter
Philipp Katzenberger for Unsplash

Dive Brief:

  • The website of the Public Utility Commission of Texas was "defaced" on Jan. 28 in a low-impact attack which exposed no sensitive information but highlights the cyber threat faced by power sector entities and their regulators.
  • PUC officials confirmed that for a brief time the commission home page was obscured by a single banner reading "Hacked by Anonymous Iranian." They said no indication exists yet that the attack was perpetrated by Iran, but further caution is necessary given the recent escalation of tensions between Iran and the United States, according to Richard Henderson, head of global threat intelligence at cybersecurity firm Lastline.
  • The Texas Department of Information Resources earlier this month awarded a new contract to Canon U.S.A for its line of software solutions and services, which includes "comprehensive security capabilities and features," according to the company.

Dive Insight:

"Defacement attacks" have little impact on an entity's operations but can call attention to security weaknesses while also acting as a harbinger of potentially greater intrusions, according to experts.

"Normally defacement attacks are low impact and high profile, with embarrassment being the biggest issue," Henderson told Utility Dive in an email.

The PUC should be "operating under the unlikely assumption that this attack was carried out by a much more skilled attacker [who] has used this highly overt defacement as an opportunity to burrow themselves inside their infrastructure," Henderson said. "A full forensic audit is going to be a must ... The stakes are far too high when it comes to the utility industry."

PUC officials are taking a hard look at the attack, but say there was scant impact.

"An ongoing forensic effort, in conjunction with the state's data center and the Department of Information Resources, has shown no indication of association with a nation state," PUC Director of External Affairs Andrew Barlow said in an email. "As the site contains no confidential information, nothing sensitive was compromised.”

Texas and its utility regulator are taking steps to improve the state's security profile. The state's Department of Agriculture faced a similar attack earlier this month.

According to Canon, its software solutions can equip Texas state government, education and local government entities "with the tools needed to help secure information, protect against threats ... and address suspicious activity. "

Texas utilities must already comply with federal security standards, including the North American Electric Reliability Corporation's existing Critical Infrastructure Protection standards. However, state regulators are considering creation of a cybersecurity monitor that would facilitate sharing best practices between Texas utilities.

"Many state PUCs are wrestling with the need to do something in this area," Sharon Chand, a principal with Deloitte & Touche's cyber risk services, told Utility Dive. "States are feeling the need to take some action, though certainly there are federal programs as well."

Editors' picks

Company Announcements

View all | Post a press release
Forth Roadmap Conference Arrives in Detroit, Michigan September 24 - 26, 2024
From Forth
August 29, 2024
Is the Push to Eliminate Gas Just Hot Air? The Heat is On!
From LaReg Corp.
August 13, 2024
Edo’s OpenADR 2.0b Certification Boosts Scalability of Grid-Interactive Buildings and Virtual …
From Edo
August 22, 2024
Terrasmart De-Risks Hail Damage with New Tracker Stow Feature
From Terrasmart
August 20, 2024
Editors' picks
Latest in Transmission & Distribution
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell