Source URL: https://www.theregister.com/2025/03/12/volt_tyhoon_experience_interview_with_gm/
Source: The Register
Title: This is the FBI, open up. China’s Volt Typhoon is on your network
Feedly Summary: Power utility GM talks to El Reg about getting that call and what happened next
Nick Lawler, general manager of the Littleton Electric Light and Water Departments (LELWD), was at home one Friday when he got a call from the FBI alerting him that the public power utility’s network had been compromised. The digital intruders turned out to be Volt Typhoon.…
**Summary:** The text outlines a significant cyber intrusion incident involving the Littleton Electric Light and Water Departments (LELWD) by a Chinese hacker group known as Volt Typhoon. It highlights the vulnerabilities in critical infrastructure security, particularly in regard to outdated hardware and the importance of maintaining robust cybersecurity measures. This event underscores the growing threat that state-sponsored cyberattacks pose to even small public utilities, emphasizing the need for improved vigilance and updated infrastructure in the face of emerging threats.
**Detailed Description:** The case study of LELWD provides critical insights into the vulnerabilities faced by public utilities and the escalating risks of cyberattacks from foreign entities. Key takeaways include:
– **Incident Background:**
  – LELWD was notified by the FBI of a compromise by Volt Typhoon, a state-sponsored hacking group linked to the Chinese government.
  – The initial response from LELWD’s general manager, Nick Lawler, was disbelief, because the utility saw itself as a low-risk target within the broader infrastructure.
– **Communication Breakdown:**
  – Initially skeptical, Lawler questioned the legitimacy of the FBI’s request, fearing it was a phishing attempt.
  – Direct confirmation from the Boston FBI office eventually led to heightened concern for the security of the utility.
– **Vulnerabilities Exposed:**
  – The breach was facilitated through an outdated FortiGate 300D firewall, which had not been patched despite known vulnerabilities.
  – This points to a broader issue of inadequate cybersecurity practices within smaller public utilities, which may lack the resources or expertise to maintain up-to-date defenses.
– **Government Involvement:**
  – The Department of Homeland Security and local agencies responded by installing additional sensors for monitoring, accepting the risk of leaving the vulnerability open in order to track and counter the intruders.
  – The utility had previously partnered with Dragos to enhance its operational technology security, which played a vital role in detecting unusual network activity prior to the breach.
– **Post-Incident Measures:**
  – Following the incident, LELWD not only patched the firewall vulnerability but also undertook a complete network reconstruction to eliminate any residual compromises.
  – A penetration test performed by government agencies validated the effectiveness of the new defenses.
– **Ongoing Implications:**
  – The incident highlights that even small-scale utilities are not immune to sophisticated cyber threats, necessitating a reevaluation of cybersecurity strategies.
  – It raises concerns about the motives of state-sponsored attacks, suggesting a dual focus on reconnaissance and potential espionage.
**Key Insights for Security Professionals:**
– The breach of LELWD serves as a cautionary tale for critical infrastructure entities about the necessity of continually updating and monitoring their cybersecurity frameworks.
– It emphasizes the critical importance of collaboration with federal agencies and cybersecurity firms to bolster defenses.
– Organizations need to invest in both hardware upgrades and personnel training to recognize and respond appropriately to potential threats.
– There is a call for increased awareness regarding the interconnectedness of various utilities and how vulnerabilities in one can pose risks to many others within the grid.