Duke Energy Corp. was hit by more than 650 million cyber attempts to breach the utility’s systems in 2017, the company’s executive in charge of cybersecurity said July 13.
“We fully recognize we are a high-value target for anyone who wants to do anything nefarious to critical infrastructure,” Brian Harrell, Duke’s managing director of Enterprise Protective Services, said at an event at George Washington University’s Center for Cyber and Homeland Security
“The fact that we have this statistic means that we are focused on it, we are looking at it, we are monitoring it, we’re penetrating our own system to ensure that we are moving the envelope,” said Harrell, who is also a senior fellow at the George Washington center.
“We’re trying to find the vulnerabilities before anyone else does, and I think that is the sign of a very mature program,” he added. He said the company is working closely with federal agencies including the Department of Homeland Security, the Department of Energy, and the Federal Bureau of Investigation.
Duke, one of the largest utilities in the world, spent $200 million on physical security upgrades for many electricity substations over the past 18 months, Harrell said. He said the utility also is investing “millions and millions” of dollars into its cybersecurity defenses.
Duke provides electricity to 7.6 million customers in six states in the Southeast and Midwest regions of the U.S. It owns nearly 50,000 megawatts of generation including nuclear, coal, oil, natural gas, and hydropower.