FRANKFORT, Ky. (WDRB) -- Recent cyberattacks have heightened concerns about the security of the nation's infrastructure. A major oil pipeline, a meat processing company and a public transit system have all been hit by hackers or ransomware.
Kentucky’s utility companies told lawmakers at a hearing Thursday in Frankfort that a cyberattack on the state’s power grid is almost inevitable.
“We're planning for not if, but when we have a cyberattack,” said Keith Butler, senior vice president and chief security officer of Duke Energy. “Threats we see every day are continuing to increase in frequency and sophistication.”
Representatives from Duke Energy, American Electric Power and LG&E-KU testified before the Joint Interim Natural Resources and Energy Committee about the steps they are taking to keep the lights on in case of attack. The companies said they have teams trained to protect and respond and are constantly updating technology and techniques.
“If we suspect anything's in our system, the internet gets disconnected immediately,” said Stephen Swick, vice president and chief security officer of American Electric.
The utility leaders said they conduct drills, even trying to hack into their own systems.
“We have internal folks that do this as well as we hire external,” Butler said. “And our employees don't even know it's coming.”
“Those are very valuable to help us identify gaps and also exercise our team and our incident response if we had a ransomware event,” said David Mcleod, director of IT and risk management for LG&E-KU.
But the companies said the new threat that worries them most is not hackers from Russia but their own employees and the electronic devices they bring into the workplace. Smartphones and apps are increasingly able to track location, activity and even conversations.
“This is a new set of challenges,” Swick said. “And sometimes, it's protecting users from themselves. They're not intending to be malicious in most cases.”
“We put out regular security briefings to our employees on, not just company-related but on social media accounts and things they should be doing with their personal devices,” Butler added.
Republican Sen. Brandon Smith, the committee co-chairman, told WDRB News he is confident the utilities are doing what they can to protect the grid.
“I think that our state of Kentucky, our group, is doing a very good job,” he said.
But Smith agreed that increasingly invasive smart devices are a concern.
“I think the concern for us is elevated in a sense that there is sort of a new threat," he said.
The utility companies plan to take part in a nationwide cybersecurity stress test in November.
Copyright 2021 WDRB Media. All Rights Reserved.
