Eric Lacy

Lansing State Journal

LANSING - For the second time in just more than three years, the Lansing Board of Water & Light faces an emergency that limits its ability to serve customers.

But unlike the 2013 ice storm that left 40 percent of the utility’s 96,000 customers without power for nearly two weeks, the city-owned utility is the victim of a crime that requires assistance from federal, state and local law enforcement agencies, officials said Wednesday.

“We’re the ones with the black eye,” BWL General Manager Dick Peffley told the Lansing State Journal Wednesday.

A cyberattack this week on BWL’s internal network forced the utility to shut down its accounting system and email service indefinitely for about 250 employees. It also forced the utility to shut down phone lines, including a customer assistance line that’s often used for account inquiries. Power and water shutoffs by the utility are also suspended until further notice.

The good news: All customer account data remains secure, service turn-on requests and bill payments are still being accepted online at lbwl.com, BWL’s outage phone line works, and a service center at 1232 Haco Drive has stayed open to receive payments.

Peffley is optimistic all customer services tied to BWL’s network will be restored by today. It could take longer for a complete recovery of the internal network because information technology specialists are still searching for infected employee computers, Peffley said.

“They aren’t finding a lot of infected machines, but we can’t take a chance,” Peffley said.

The cyberattack occurred about 5 a.m. Monday after a BWL employee opened an e-mail with an attachment that infected a computer in the internal network. As the infection spread, it encrypted files on other computers and required Peffley and staff to find a way to fight a virus that he said is “brand spanking new.”

Asked Wednesday if the virus is a form of “Ransomware” — a virus whose creators provide a remedy for it in exchange for a ransom payment — Peffley declined comment. He did confirm that BWL had what it thought was up-to-date antivirus software with one of 50 companies specializing in it, but realized this week only three of those companies can handle the new virus. The utility has since received necessary protection from one of those three companies so it can avoid another cyberattack, Peffley said.

Wednesday was the first time since the incident that BWL fully outlined the impact on customers. Peffley said officials have been limited by law enforcement from discussing the issue. A Lansing police spokesperson declined to comment for the second day and police Chief Mike Yankowski did not respond to a request for comment Wednesday.

Jill Washburn, a FBI spokesperson in Detroit, declined Wednesday — for the second straight day — to explain the agency’s role in what BWL Board of Directors Chairman David Price described that morning as “an ongoing criminal investigation.” Price confirmed officials are being “counseled by law enforcement at this time” about communicating with the public.

Messages left this week with State Police investigators weren’t returned.

Peffley said he hopes to be “fully transparent” with customers Thursday about the cyberattack’s impact. BWL is tracking costs to repair the internal network and could file an insurance claim because of lost productivity. Peffley said won’t know for a while if costs incurred will meet the utility’s insurance deductible.

“It’s a mess for us internally, but it’s not a mess for our customers,” Peffley said.

City systems remain operable

Chad Gamble, Lansing’s chief operating officer and public service director, wrote in an email Wednesday that information technology systems in other city departments have been “very successful” in protecting the city from large-scale cyber attacks and aren’t affected by breach.

“All networks that include email services and exposure to the internet are vulnerable to attacks, so there is no way to guarantee that the city, or any other entity, will never bee subject to a successful attack,” Gamble wrote. “Like other organizations, we take every possible precaution to prevent that from happening.”

Mayor Virg Bernero left Saturday for a trade mission in Italy and is expected to be there through Thursday. Randy Hannan, Bernero’s executive assistant, wrote in an email Tuesday to the LSJ that Bernero “has been in regular contact with Dick Peffley and is closely monitoring the situation.”

Messages left Wednesday for Bernero and Hannan weren’t returned.

BWL employees represented by the International Brotherhood of Electrical Workers Local 352 in Lansing haven’t been affected this week by the cyberattack, said Robert McCann, an IBEW spokesman. Local 352 represents about 500 members in the area.

“They have every expectation that management is going to get this issue taken care of,” McCann said.

Gamble isn’t aware of any city department that’s been the target of a Ransomware attack before this week’s BWL security breach, but mentioned in the email Wednesday the city is “regularly subjected to attempted cyber attacks that are almost always unsuccessful due to the strength of our security protocols.”

The city’s website was hacked into “several years ago,” but was “quickly brought back under control with no data being compromised,” Gamble wrote.

Eric Lacy is a reporter for the Lansing State Journal. Contact him at (517) 377-1206 or elacy@lsj.com. Follow him on Twitter @EricLacy.