Date: 2021-11-30

Delta-Montrose Electric Association was the victim of a “sophisticated and malicious” cyber security attack, CEO Alyssa Clemsen Roberts confirmed to the board of directors Tuesday, shortly before the board went into executive session on other matters involving privileged legal communication.
Clemsen Roberts declined to respond to an attendee’s question asking whether it was specifically a ransomware attack. The meeting took place on Zoom, and the question the Montrose Daily Press saw did not have a name associated with it.
“We are a victim of a malicious cyber security attack. In the middle of an investigation, that is as far as I’m willing to go,” Clemsen Roberts said.
Earlier this month, the power cooperative announced a “targeted attempt” on its internal network, which took some operations offline, including SmartHub and electronic bill-pay options. DMEA hired an outside organization to conduct an analysis.
On Monday, Nov. 29, DMEA Board President Kyle Martinez said the co-op was planning to release additional information about the matter on Wednesday, which is still expected to occur.
According to Clemsen Roberts’ presentation, the Nov. 7 cyber attack corrupted 90% of internal network function and “a good portion of our data was corrupted.”
The attack affected phones, email, and data such as forms, documents, spreadsheets and historical data. DMEA was unable to take or make payments, but, per the CEO, the power grid and fiber network were not affected.
The co-op is still dealing with limited functionality of internal systems and working to fully restore the system while the investigation continues and DMEA takes “significant measures” to boost network security.
Although there is limited phone functionality for employees — it is expected full restoration will take at least two more weeks — employee email functionality has been restored.
Further, per the presentation, the Outage Management System is “operational and functional.”
The hope is that operations can fully return to normal by the end of the year.
“This event will not have an impact on rates,” the presentation document stated.
The big question for many pertained to payments and possible late fees. Director Bill Patterson said the question he kept getting was when people needed to pay, how they should do that and how long they would have.
Clemsen Roberts said the intent is to resume SmartHub and kiosk payments the week of Dec. 6 - 10 and to resume billing that same week. The CEO told the board she did not have an exact date. “This is kind of our goal,” she said.
“What we do know is half of our membership will get two bills within about two weeks of each other and the other half will get three bills (two weeks apart). Two weeks, two weeks, two weeks — that’s how our billing cycle works,” she said.
The proposal and recommendation to the board is that, through the end of January, there will not be disconnects for nonpayment or late fees, plus DMEA will offer three-month payment arrangements similar to the process used during the initial stages of COVID-19.
Although Elevate Fiber, DMEA’s wholly owned broadband subsidiary, does not allow for payment arrangements, there will be no disconnects until Jan. 31, 2022.
“What I can tell you right now is we’re still in the investigation. We are still finding things,” Clemsen Roberts said, adding that the board perhaps needed to go into executive session on some of the matters.
Newly seated board member Kevin Williams asked whether any information about members “in terms of addresses and contact information, etc.” was affected and if so, how.
“We do not believe the customer information system that we have … was accessed at this time. Your address, name and things like that that may be in an email or something like that, but your personal information about your address, no. I would say before we continue with any more questions along this line, we need to move into executive session,” Clemsen Roberts said.
Patterson asked for copies of the timeline proposed, because of the questions about payments and disconnection he has been fielding.
All of the information is soon to be posted and shared with media, the CEO said, before audio briefly cut off on the Zoom call. When it resumed, Patterson said he had been getting some pressure from the Montrose Daily Press while attending a Rotary meeting earlier Tuesday.
That meeting was attended by publisher Dennis Anderson, who said he had wanted to know whether ransomware was involved.
The DMEA board meeting continued with other committee reports and updates before adjourning into executive session to discuss several matters with legal counsel.
At last report, DMEA was still expecting to release an update for membership on Wednesday, further explaining the timeline and strategy.