* Schneider subsidiary Telvent warns of attack
* Telvant says law enforcement also investigating breach
* NERC plans to advise power companies on breach impact
By Jim Finkle
BOSTON, Sept 27 (Reuters) - An organization that regulates U.S. electric utilities is looking into a security breach at a Calgary, Alberta-based maker of software that big energy companies use to manage production and distribution of electricity.
Calgary-based Telvent, which is owned by France’s Schneider Electric SA, quietly warned customers about the sophisticated attack, which affected its operations in the United States, Canada and Spain, the cyber security news site KrebsOnSecurity.com reported on Wednesday.
It is the latest in a string of breaches targeting the energy sector. Dell’s SecureWorks security division last week disclosed that it had uncovered an unrelated operation in China targeting energy companies. Symantec Corp and Intel Corp’s McAfee security unit have also discovered similar campaigns originating in China.
It was not immediately clear who was behind the attack or how Telvent’s customers had been affected by the breach. Telvent declined to discuss the status of the investigation.
“Telvent is aware of a security breach of its corporate network that has affected some customer files,” said company spokesman Martin Hanna. “Customers have been informed and are taking recommended actions, with the support of Telvent teams.”
He said that Telvent was actively working “to ensure the breach has been contained,” but declined to elaborate.
A Canadian government spokesman was not immediately available for comment.
Tim Roxey, chief cyber security officer at the North American Electric Reliability Corp, said in a statement Thursday that his group was “gathering more information to advise industry” about potential fallout from a security breach at Telvent.
Joe Weiss, a consultant who advises utilities on protecting their networks from cyber attacks, told Reuters that most power industry breaches do not get publicly reported.
“There have been more than a few vendors that have had their connections hacked from where they are supporting their customers,” he told Reuters. He declined to identify the companies or elaborate on the attacks.
Hackers have yet to be fingered as the culprits behind any major electricity outage. Yet experts have warned that the risk of a large-scale attack has risen in recent years as operators installed new technologies that make it easier for them to remotely monitor and direct electricity across the power grid.
KrebsOnSecurity reported that Telvent said in a letter to customers that hackers had infected its network with malicious software and stolen project files related to a product known as OASyS SCADA.
OASyS SCADA software helps utilities monitor and access computers and other devices across their large networks, according to Telvent’s website.
The customer letter said that the company had disconnected some data links to customers while it investigated the breach, according to KrebsOnSecurity.
NERC said in its statement that there was no evidence that the breach at Telvent had “impacted the bulk power system,” but advised utilities to restrict and monitor remote access to their networks.
It was not immediately clear how Telvent’s customers had been affected by the breach or who was behind the attack. Telvent declined to discuss the status of the investigation or provide Reuters with a copy of the letter.
FBI officials did not respond to a request for comment. A U.S. Department of Homeland Security spokesman declined comment.