throughout the system in nothing flat.
It was an extremely serious event.

My guess, and it is a guess, is that a utility would have two 100% separate networks. This comes from having worked in various analytical groups at Bell Labs and AT&T. There is no way that the network operations center, which controlled the network was connected to any of the computers that were used for accounting, network planning, marketing or research etc.

The reason is simple. There is absolutely no way that anyone would have thought it useful to do so -- and many reasons to think it was a terrible idea.

I suspect that if this malware was used against the DNC as well and if it can be spread by email, that piece of email may be rather common if many DNC computers were contaminated. In fact, someone in liberal, Democratic Burlington may have downloaded something sent from the DNC using a laptop that he used working for Burlington Electric. NOTE : THIS IS COMPLETELY MADE UP, but as probable as the op. There are many companies where there is one and only one computer system - like the one this person who wrote the Daily Kos article was administrator on.

a system with a very strict protocol -- and where email is severely constricted and certainly no personal email is allowed on any part of that system.

Could be used against any utility. I just watched a Herzog documentary on the net describing hackers methods and it really a combo of cons that allowed them to get into systems or have info sent to them. Using a address books and emails you've read (for info you parlay to look like an insider) to pretend you spoke to someone else - like someone who is on vacation- and get others to email you and then you get in. Strict procedures are needed.

I do not know how the networks were set up at the electric company, but I do know how completely separate they were at another utility -- AT&T. I know that the network that controlled the network, could "speak" to switching machines and reroute calls over the network was completely separate from the various AT&T networks that were used for other purposes. This was true even in the 1990s.

I KNOW that hacking can occur easily. However, from all the statements from the Vermont authorities and the electric company, it sounds like they actually did have things set up right and the laptop affected was NOT on the system that governs the Grid. It sounds like they do have different systems that have no connection.

If a field technician used it to access their system remotely then yes it could affect the grid.

I do not know if the statements are written to appear strong without being untrue OR if people are looking for loop holes in what was said. I think we will know at some point.

breech and plant malicious code in electrical grids across the nation. The question is, where and to what degree have they succeeded. This is merely the only utility that has publicly reported Russia's successful but mercifully partial breech of their security.

He says it goes a lot further than 1 laptop This link was shown to me by a deplorable trying to blame Obama , but I pointed out we had been getting hacked for years all the way back to Palo Alto. I followed the story and it comes from other sources.

http://www.glitch.news/2015-09-22-russian-hackers-have-burrowed-into-critical-u-s-infrastructure-like-the-electric-power-grid-says-intelligence-director.html

If our DNI says we have had the issues for some time.
There are other sources covering the testimony he gave.

A September quote is not speaking of something that was just learned in December.

In September, he could have been speaking of the DNC hack, the Sony attack, and maybe the stupid Podesta attack. There were many many articles, including in technical journals. The Obama administration had actually hired many of the top people, who understood hacking because they were computer geniuses who used their skills to alert the government of potential problems.

Yet it seems that most government web sites and servers have been hacked - some by hostile governments and some likely because someone thought it would be fun to try.

This is not new, the Senate Commerce committee had hearings back in the 1990s that warned that it would be easy to take down the entire internet -- in less than an hour.

I am saying I don't think it matters if they didn't know about this particular incident at that time. As of September, Russians hacking into the grid was already known. If this hacked laptop had anything to do with it is not on the table.

All this quibbling back and forth on the wording if the issues is pointless. The facts are that we are being hacked. Not being a united front against it, trying to keep blame from being directed at any certain victim is giving the bad guys the advantage.

1) Note that none of the direct quotes from Clapper say that the grid was compromised.
2) They site a hearing -- did you consider going to the House site to see what Clapper actually said?

If you had, you would have found that these were the first 4 paragraphs that Clapper said in his prepared statement.

I thought they were quoting a different article and that source was supposed to be reputable.

We still need to look into these sites sources some don't like. What they do is selectively combine different words that are true with other words that are true from another source... What results may or may not be totally factual, but even a broken clock is right twice a day. I still think there is some value in the sources. Without looking at these sources I wouldn't have found this about "Black Energy malware" from the DHS. I told the person that used it on me that we've been getting hacked for years, since Palo Alto..

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01B

and there is payload still sitting out there?

to the network. All they clearly say is that they took steps to "isolate" it now.

The article is talking about admin rights to the network. Even if it is an administration laptop, it does not have admin rights. For instance, you probably have a company laptop, that connects to the company network, but you and your laptop do not have admin rights, because you are not the admin. In the same way that you do not have the rights to buy a new office building because you are not the CEO, even though you work in an office building.

... the LT user is admin OF the network.

The malware can spread easiER once on the network, admin rights or not

That is exactly the point of admin rights.

Removing admin rights mitigates 97% of critical Microsoft vulnerabilities
Annual "Patch Tuesday" report shows YoY growth of critical Microsoft vulnerabilities

97% of all critical security vulnerabilities reported by Microsoft can be mitigated by removing admin rights, according to new research from security software company, Avecto.

Avecto analyzed data from security bulletins issued by Microsoft throughout 2014, and found that the number of Microsoft vulnerabilities (242) with a critical severity rating increased 65% over the previous year. Furthermore, 80% of all Microsoft vulnerabilities - regardless of severity ranking - could be mitigated by removing admin rights.

The results also revealed that removing admin rights would mitigate 98% of critical vulnerabilities affecting Windows operating systems, 95% of critical vulnerabilities affecting Microsoft Office and 99.5% of vulnerabilities in Internet Explorer.

Microsoft bulletins are issued on the second Tuesday of each month, a date commonly known as Patch Tuesday, and provide solutions for known security issues.

User accounts with admin privileges are primary targets for exploit, as they provide unrestricted access to an endpoint, enabling malware to bury itself deep inside the operating system, cloak itself from detection and then spread more readily across the network. Employees with admin rights have the ability to install, modify and delete software and files. They can also change system settings, potentially introducing even more vulnerabilities.

"Our 2014 analysis highlights the continued benefits of stripping away admin rights," said Paul Kenyon, EVP of Avecto. "Time and time again, the removal of admin rights proves to be a simple and effective threat mitigation strategy - and yet many businesses are still overlooking this fundamental practice."

"There is a misconception that passive tools, like detection technologies, can provide adequate protection, and yet evidence clearly demonstrates that organizations can no longer afford to rely on reactive strategies to deal with the advanced nature of so many attacks."

Kenyon concluded: "Privilege Management is the first step that every organization should be taking to improve the security posture of all of their endpoints. It can mitigate the majority of advanced cyber-attacks, especially when layered with other proactive approaches, such as application control, patch management and sandboxing."

... and that should be a fact that's not in dispute.

I think this was just a little experiment. What happens when major cities get shut down?

I was just thinking that if a tiny state like VT could be hacked then what is to stop them from shutting down major metropolitan areas.

Could this have been some attempt to disrupt Bernie Sanders Campaign by the Russians if needed?

If there is any connection at all, it might be that someone opened a DNC email to their personal account and downloaded something affected by this malware. (Reports say it is the same malware - assuming this (unlike other claims) is true, this is a logical path.

but we did.

Let's connect the dots. They've hacked and infiltrated our power grid as well as our elections, installed a loser megalomaniac as President, and there's no telling what they've done that we might not know about yet.

1. US arranging the looting of Russian assets to the Oligarchs.

2. Moving NATO into Eastern Europe. They truly believe in geopolitics as a field and fear the loss of strategic depth.

The same people will downplay every horrible thing Trump does, you just watch.

They exist here and everywhere.

already. We'll see how Breitbart, Infowars, etc., handle the news of new discoveries at other companies, but downplay will definitely be a technique.

"WASHINGTON POST STIRS FEAR AFTER FALSE REPORT OF POWER GRID HACK BY RUSSIA." and "MYSTERY: DID CNN AIR FOOTAGE FROM VIDEO GAME DURING RUSSIA HACK REPORT?
Did CNN really use footage from a video game?" Infowars, of course.

It spread throughout their systems.

How is it false equivalence. That is how this stuff spreads.

So we have to thank Putin every morning when the lights go on. Way to go, Trump!