51¶ÌÊÓƵ

LES is part of the nation's interconnected electrical grid, and that critical national infrastructure is a rich target for nation-states, terrorists and international criminals.

There's a lot more that LES Administrator and CEO Kevin Wailes can't tell us, but he can tell us that the utility has invested $7 million to $8 million to enhance security and that LES defends itself from an astounding number of potential breaches of computer security.

"Probably 70 percent of the bad things that happen result from bad cyber hygiene," Wailes said. "Folks sloppy with passwords; some not logging out of their computers."

LES is aggressively working to correct that piece of the security problem, but it's the outside actors who pose the looming threat.

Do we know of attempts from other countries?

"Yes," Wailes said. 

Earlier this year, the U.S. Department of Energy issued a warning that the nation's critical infrastructure is in "imminent danger" of a cyberattack that could have devastating consequences.

"The current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures," the department said.

Such an attack could at least temporarily cripple the economy, endanger health and safety, and even undermine critical defense infrastructure, the DOE stated.

"I have a playbook set up for different events," Wailes said during an early-morning interview on a hot July day that would send temperatures soaring above 100 degrees, providing a timely reminder that access to electrical power sometimes can be the difference between life and death.

"The economy, health, quality of life depends on what we do," he said. 

"The hallmark of our industry is reliability."

In its simplest and most basic terms, that means "keep the lights on," Wailes said.

The threat to electric utilities has evolved dramatically and exponentially, he said.

"It used to be squirrels; now it's cyber, physical, severe weather amplified," Wailes said. "Cyber and kinetic."

A crippling cyberattack took down critical infrastructure in Ukraine last month.

In May, coordinated WannaCry ransomware attacks in 150 countries held medical records in Britain's National Health Service hospitals hostage, endangering patients' lives.

A threat is looming out there. 

"Industry and government are working together" now to confront that threat, Wailes said. "But everything is not working perfectly; it's an evolving process."

Wailes is deeply engaged in that effort as vice chair of the national Electricity Sub-Sector Coordinating Council, which develops strategic plans and actions to protect electric utility infrastructure from physical and cyber threats.

"There's a lot of angst that the industry is not doing a sufficient job in protecting reliability," he said. 

But a strong relationship has evolved between the electricity industry and the Department of Homeland Security, Wailes said. And the Department of Defense has weighed in with "a strong presence," he said.

"Government has lots of tools and information on threats (that) we don't have access to," Wailes said. "We need to work together.

"We need to work on resiliency and recovery," he said. "We've formed a cyber mutual aid group to lend assistance. 

"If there's a massive cyberattack, the concern is we don't have the bench strength. So tons of efforts are going on now.

"We've made lots of strides," he said. "There's lots to be done."

LES now has "one of the highest reliability numbers in the country," Wailes said. "We try not to make ourselves a target."

"Seven years ago, we didn't have a cybersecurity staff.  We do now."

The best protection is to "block access," and let the good stuff in, Wailes said.

"But all you need is a computer to create havoc.

"It's a new world."