Sisters' vulnerability to cyber threat
Last updated 2/6/2024 at 9:35am
In testimony to Congress last week - described as chilling - FBI Director Christopher Wray said that China's hackers are targeting American critical infrastructure, including water treatment plants, pipelines and the power grid, to be able to "wreak havoc" in the U.S. if Beijing ever decides to do so.
Testifying before the House Select Committee on the Chinese Communist Party, Wray also warned that there has been too little public attention on the threat that he says China's efforts pose to national security.
"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if and when China decides the time has come to strike," Wray told lawmakers.
The Nugget asked Sisters Public Works Director Paul Bertagna to assess the threat posed to Sisters.
"An advantage to being small is we don't have complex treatment systems that use a lot of chemicals and controls. We are also able to respond to any disruption quickly and we have manual capabilities to override our minimal automation," Bertagna said.
The Nugget asked Brent ten Pas, vice president of member & public relations at Central Electric Cooperative (CEC), what this threat might mean for Sisters power.
He answered: "FBI Director Chris Wray testified before the House Committee that the Chinese are focused on disrupting a range of critical infrastructure, which includes cyber and the electrical grid - potentially posing a threat to Central Electric's electric system and members in Sisters."
Ten Pas added, "Securing and protecting CEC's members' data and electric grid is a top priority. Over the years, our information technology team has implemented multiple layers of security to protect the co-op and members' information. Just over 85 percent of data breaches involve a 'human element,' as cyber hackers prey on individuals using phishing emails as the primary tool. Our information technology team has implemented extensive technological controls that scan and filter out malicious emails. If a phishing email breaks through, our employees - the human firewall - are trained year-round to recognize them and report them immediately to our IT personnel.
"CEC's electric grid covers 5,300 square miles of service territory and numerous substations, making physical security more challenging. The federal Bonneville Power Administration's infrastructure, which delivers power to the co-op and other utilities in Central Oregon, poses another layer of complexity.
"CEC continually monitors, evaluates and prepares for threats to the grid. We have long-standing layers of security across our system to help protect critical infrastructure from threats. Those efforts are routinely assessed and improved upon where and when possible.
"BPA has also intensified its security state, leading its security officers and field staff to increase patrolling of its facilities."
Representatives with TDS Telecommunications, formerly Bend Broadband, who provide roughly 90 percent of all internet to Sisters Country, would not respond directly to our questions, citing security concerns, and not wanting to reveal any defensive measures.
"Over the last two years, we have become increasingly concerned about a strategic shift in PRC (People's Republic of China) malicious cyber activity against U.S. critical infrastructure," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA) at the U.S .Department of Homeland Security, stated in written testimony as she appeared alongside Wray.
She added, "We are deeply concerned that PRC actors - particularly a group referred to in industry reporting as Volt Typhoon - are seeking to compromise U.S. critical infrastructure to pre-position for disruptive or destructive cyberattacks against that infrastructure in the event of a conflict, to prevent the United States from projecting power into Asia or to cause societal chaos inside the United States."