PHOENIX — ABC15 has confirmed the Arizona Cyber Command Center is operating at its highest level of alert. Officials are anticipating a Russian cyberattack now that the United States and European allies followed through with economic sanctions in response to Russia's invasion of Ukraine.
Arizona's Director of Homeland Security Tim Roemer has been in almost daily contact with federal cyber security officials in the days leading up to the Russian invasion.
"They've warned us to be prepared for the worst and that we should expect an increase in cyberattacks, especially from criminal organizations and nation states as part of an escalation," Roemer said.
Roemer says critical infrastructure like water treatment facilities, the Palo Verde Nuclear Power plant and financial institutions could be targeted. "It could hit you at any hour of the day. Any industry, any company," Roemer said. "We're completely reliant on technology now, the U.S. and the world. The state of Arizona is no different."
On average, the Arizona Cyber Command Center tracks 5 to 7 million threats in Arizona each month. More than 2,000 of those threats are considered advanced or persistent. Roemer has seen this happen before. In 2014, he was part of the Obama Administration's cyber security team when Russia invaded Crimea. In January 2020, when U.S. forces launched a missile strike killing Qasem Soleimani, the Iranian military leader of the Islamic Revolutionary Guard, Roemer said Arizona was targeted for several days by Iranian cyberattacks. None were successful.
"We have to expect the worst," Roemer said, "hope is not a strategy."
Daniel Rothenberg is a professor at ASU's School of Politics and Global Studies and the co-director for the Center on the Future of War.
Rothenberg said both Russia and the US have enormous cyber capabilities, and a cyberwar between the two countries would be dangerous.
"There's virtually nothing in our society that's a substant element of our infrastructure that doesn't have some cyber vulnerabilities," he said. "We certainly don't want to see a massive tit for tat cyber engagement where each of these large well-resourced countries with exceptional cyber capabilities begin to attack each other."
That includes utilities.
"The idea is to create protective mechanisms -- sometimes called resilience -- duplication of computer controls so that if one attack happens in one place, it doesn't bring down the entire grid, etc.," he said.
ABC15 reached out to some of the major utility companies about how they're responding to the Russia-Ukraine crisis and the possible threat to our infrastructure.
An APS spokesperson released this statement:
"Protecting the energy grid and ensuring safe and reliable delivery of electricity is our industry's top priority. APS and our peer companies are committed to making our infrastructure resilient against all threats. The threat of cyber-attacks targeting critical infrastructure is not new, which is why we partner with the government through industry partnerships to share actionable intelligence, deploy state-of-the-art tools, mitigate supply chain risks, and prepare to respond to incidents that could affect our systems."
A spokesperson for the city of Phoenix's Water Services released this statement:
"The water systems are an essential function of the city’s operation. Our staff is dedicated to preventing, detecting, and responding to cyberattacks that may be attempting to access the water systems. Several layers of protection are in place to ensure that vulnerabilities in the systems are secure. Unfortunately, you can never be truly free of risk, but we work diligently every day to ensure that we can continue to provide reliable water services to our customers."
A spokesperson for SRP gave ABC15 this statement:
SRP takes threats to critical infrastructure and customer information very seriously and uses industry best practices to protect against exposure. We prepare systems to be resilient against potential impacts and maintain compliance with industry regulations.
SRP safeguards our critical assets by conducting risk assessments of security systems, analyzing threat information, and identifying and implementing physical security measures to reduce any potential risk.
SRP also works closely with industry and government partners to build a network of information sharing, coordinated incident response, and collaboration on critical infrastructure protection issues.
SRP works closely with the Electricity Subsector Coordinating Council (ESCC) including:
- Cyber Mutual Assistance (just like mutual assistance for storms)
- Electricity Information Sharing and Analysis Center (E-ISAC)
- Cyber Security Task Force for the Large Public Power Council
- Government and Regulatory Agency Grid Security Exercises
A Southwest Gas spokesperson sent the following statement:
The protection and safety of our customers is paramount for Southwest Gas. We collaborate with various U.S. Department of Homeland Security Departments (i.e. Transportation Security Administration, Cybersecurity and Infrastructure Security Agency and Transportation Security Administration), the Federal Bureau of Investigation, state, local governments, and industry members to continuously evolve our cybersecurity approach in accordance with federal recommendations on today’s threats and industry best practices.