Read on Twitter
Hope @DHSgov is on this attack on the US Energy sector. There needs to be waaaay more coverage into the impacts across all Utility Markets. cc: @JynErso_2017 @TrickFreee theedgemarkets.com/article/cybera…
Chilling takeaway: Attack was reported to the public (4/5) only after ESG was back up and running. It started 3/30. Duke is on record because they ditched ESG. How many providers are still using ESG? How much of our personal data matching HOME addresses were compromised? 
Beyond personal data there exists another threat: Disruption of services. Utility companies must communicate with each other in order for the market to function. Markets differ across the country, but in deregulated markets its amplified by a factor x100.
Here’s why: Say ResistElectric wants to turn off a customer for being deliquent. They use a 3rd Party (ESG) to send that transaction to the poles company to turn off meter. Inability to automate that business process creates unexpected operational costs and balloons bad debt
Now let’s say TrumpTrainElectric also uses ESG. They have a customer that wants to move into their new home. Well getting that to happen next day without ESG is hard. Now add in 15 other competitors and extrapolate over a month. Some discount Energy cos would go bankrupt.
Companies do not have the luxury to float tens of thousands (or 100s) of customer invoices while they figure out a way to get new customers onboarded and bad paying ones turned off. They use an EDI translator to do that and they don’t have another on standby if first is down.
Original reporting, Bloomberg was 4/2. 3 days before the public was notified of the intrusion.
bloomberg.com/news/articles/…
bloomberg.com/news/articles/…
And Bloomberg connected the dots. There are only a few outfits who could pull it off but only one drew warning from US officials last month (accurate 3/30 date of hack) >>> RUSSIA
So let’s get context.
May 29th. Russia was expelling 60 US diplomats. Lavrov extremely upset. Following day, intrusion into ESG. 🤔#TheResistance npr.org/sections/thetw…
May 29th. Russia was expelling 60 US diplomats. Lavrov extremely upset. Following day, intrusion into ESG. 🤔#TheResistance npr.org/sections/thetw…
Well here is NYT on 4/4. The common denominator in the hacks is that EDI Translators were the initial targets! This was a well planned orchestrated attack.
nytimes.com/2018/04/04/bus…
nytimes.com/2018/04/04/bus…
This is worse than I thought.
Hard to imagine transactions being faked in order to disrupt shipments and delivery now after it’s been identified but risks are severe if they ever do.
More Vulnerabilities. More reasons to suggest Russia. Exxon deal was scrapped and Gazprom facing increased scrutiny. 🤔
• • •
Missing some Tweet in this thread? You can try to
force a refresh
