HONOLULU (KHON2) — The nation is being hit with an epidemic fueled by a virus, but not COVID-19.
Ransomware has already raised the prices of meat and gas nationwide, and now White House officials are warning about cyberattacks on public utilities.
Ransomware is malware that locks a computer until the user pays the hacker a ransom, which is often demanded in the form of cryptocurrency or gift cards.
Hawaiian Electric (HECO) is no stranger to cyber attacks. HECO spends millions every year on cybersecurity, a number that is increasing by 20% annually as hackers get more sophisticated.
“Every single day we are repelling thousands of attacks and probes,” HECO spokesperson Shannon Tangonan said.
HECO adds that if an attack were to get through, staff would still be able to keep the power on with a manual system. That is extremely important because Hawaii is the home to several military bases.
“On Oahu, it’s not just about grid security, it’s about national security so we take that responsibility to keep the lights on for armed forces really seriously,” Tangonan said.
Retired Hawaii-based Marine Lt. Colonel Hal Kempfer says nations like Russia and China have advanced attacks, as does the United States, but America’s offense is ahead of its defensive capabilities.
“The concern was that they had bots in our utilities, and they generally thought we had bots in their utilities, and there wasn’t so much mutually assured destruction but another MAD, which is Mutually Assured Dimming. Which is if they turn off our lights, we turn off their lights.” Kempfer said.
The Hawaii State Energy Office (HSEO) is in charge of coordinating resources and responses between the energy sector and the government during an emergency. Hawaii’s power grid is isolated, unlike most states in America.
“Our grid does have it’s unique challenges because we cannot leverage a large bulk energy system and bring in power from other areas,” HSEO managing director Chris Yunker said.
The State is looking at participating in a national training exercise that takes place every two years.
“There is a biennual GridX exercise that is organized by the national Association of Regulated Utilities and so regulated utilities are invited to participate as participants in the grid exercise and that’s coming up this year and there’s a focus on cyber elements,” said HSEO program manager Mark Want.
Targeting a victim is quite simple even though ransomware itself can be very sophisticated. Whether it is a utility, big business or an individual, it usually just takes a click.
“You click on a link, suspicious link it appears to be legit and it directs you to a website where it uploads this ransomware,” cybersecurity expert Chris Duque said.
Duque says to avoid any links from unknown senders. Even if the sender is familiar, check addresses to make sure that they match up with the name of the sender. Be careful of what kind of USB drives go into a personal computer.
Employees can be trained to spot ransomware attacks and Duque says it is important that organizations train workers to spot suspicious emails and links. They are only as secure as their least-trained employee, however.
“We could have the greatest technological defenses on all of these networks but the problem is as long as everybody who works for an organization has an email address the human is the weakest link on the inside of those defenses,” tech expert Ryan Ozawa said.