‘Fragile’ Texas energy grid comes back to life, steep challenges remain

By Brad Brooks

LUBBOCK, Texas (Reuters) – A “fragile” energy grid has fully returned to life for frigid Texans who have spent five days dealing with blackouts caused by a historic winter storm, but challenges in finding drinking water and dealing with downed power lines loomed on Friday.

All power plants in the state were once again functioning, but about 280,000 homes were still without power early Friday while 13 million people – nearly half of all Texans – have seen water services disrupted.

Ice that downed power lines during the week and other issues have linemen scrambling to hook all homes back up to power, while the state’s powerful oil and gas sector has looked for ways to renew production.

Hospitals in some hard-hit areas ran out of water and transferred patients elsewhere, while millions of people were ordered to boil water to make it safe for drinking. Water-treatment plants were knocked offline this week, potentially allowing harmful bacteria to proliferate.

Lina Hidalgo, the top elected official in Harris County, which encompasses Houston, said she was pleased with progress in the past 24 hours, but warned residents to brace for more hardship.

“The grid is still fragile,” she said, noting that cold weather would remain in the area for a few days, which would “put pressure on these power plants that have just come back on.”

Texas Governor Greg Abbott confirmed that all power-generating plants in the state were online as of Thursday afternoon. He urged lawmakers to pass legislation to ensure the energy grid was prepared for cold weather in the future.

“What happened this week to our fellow Texans is absolutely unacceptable and can never be replicated again,” Abbott told an afternoon news conference.

The governor lashed out at the Electric Reliability Council of Texas (ERCOT), a cooperative responsible for 90% of the state’s electricity, which he said had told officials before the storm that the grid was prepared for the cold weather.

The lack of power has cut off water supplies for millions, further strained hospitals’ ability to treat patients amid a pandemic, and isolated vulnerable communities, with frozen roads still impassable in parts of the state.

Nearly two dozen deaths have been attributed to the cold snap. Officials say they suspect many more people have died, but their bodies have not yet been discovered.

(Reporting by Brad Brooks in Lubbock, Texas. Editing by Gerry Doyle)

Cyber firms, Ukraine warn of planned Russian attack

Power lines are seen near the Trypillian thermal power plant in Kiev region, Ukraine November 23, 2017. REUTERS/Valentyn Ogirenko

By Jim Finkle and Pavel Polityuk

TORONTO/KIEV (Reuters) – Cisco Systems Inc warned on Wednesday that hackers have infected at least 500,000 routers and storage devices in dozens of countries with sophisticated malicious software – activity Ukraine said was preparation for a future Russian cyber attack.

Cisco’s Talos cyber intelligence unit has high confidence that the Russian government is behind the campaign, according to Cisco researcher Craig Williams, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow.

Ukraine’s SBU state security service said the activity showed Russia was readying a large-scale cyber attack against Ukraine ahead of the Champions League soccer final, due to be held in Kiev on Saturday.

“Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilizing the situation during the Champions League final,” it said in a statement after Cisco’s findings were released.

Russia has previously denied assertions by Ukraine, the United States, other nations and Western cyber-security firms that it is behind a massive global hacking program, which has included attempts to harm Ukraine’s economy and interfering in the 2016 U.S. presidential election.

The Kremlin did not immediately respond to a request for comment submitted by Reuters on Wednesday.

Cisco said the new malware, dubbed VPNFilter, could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories.

“With a network like this you could do anything,” Williams told Reuters.

CONSTITUTION DAY ATTACK

The warning about the malware – which includes a module that targets industrial networks like ones that operate the electric grid – will be amplified by alerts from members of the Cyber Threat Alliance (CTA), a nonprofit group that promotes the fast exchange of data on new threats between rivals in the cyber security industry.

Members include Cisco, Check Point Software Technologies Ltd, Fortinet Inc, Palo Alto Networks Inc, Sophos Group Plc and Symantec Corp.

“We should be taking this pretty seriously,” CTA Chief Executive Officer Michael Daniel said in an interview.

The devices infected with VPNFilter are scattered across at least 54 countries, but Cisco determined the hackers are targeting Ukraine following a surge in infections in that country on May 8, Williams told Reuters.

Researchers decided to go public with what they know about the campaign because they feared the surge in Ukraine, which has the largest number of infections, meant Moscow is poised to launch an attack there next month, possibly around the time the country celebrates Constitution Day on June 28, Williams said.

Some of the biggest cyber attacks on Ukraine have been launched on holidays or the days leading up to them.

They include the June 2017 “NotPetya” attack that disabled computer systems in Ukraine before spreading around the globe, as well as hacks on the nation’s power grid in 2015 and 2016 that hit shortly before Christmas.

VPNFilter gives hackers remote access to infected machines, which they can use for spying, launching attacks on other computers or downloading additional types of malware, Williams said.

The researchers discovered one malware module that targets industrial computers, such as ones used in electric grids, other infrastructure and in factories. It infects and monitors network traffic, looking for login credentials that a hacker can use to seize control of industrial processes, Williams said.

The malware also includes an auto-destruct feature that hackers can use to delete the malware and other software on infected devices, making them inoperable, he said.

(Writing by Jim Finkle and Jack Stubbs; Editing by Mark Heinrich)