Seattle City Light disconnects software implicated in massive government hack, says it wasn't compromised

Seattle City Light was using the computer software that's been widely infiltrated by hackers. But utility officials say its network remains secure.

U.S. government officials revealed last week that numerous agencies have been hit by hackers, with data being monitored possibly as far back as March.

It's among the largest security breaches in modern history. Agencies impacted include the Pentagon, the National Nuclear Security Administration, and the Department of Homeland Security.

Hackers gained access through software that many agencies use. Seattle City Light also uses that software, called Orion. The software was developed by SolarWinds and is used to manage IT infrastructure and networks relied upon by government agencies and large companies.

A spokesperson for the Seattle Mayor's Office said the city "is not impacted by these breaches," despite various departments using the software. Not all departments downloaded the update that was tainted with hackers' code. Seattle City Light did download the software that's been breached, however.

City Light has disconnected SolarWinds and evaluated their computer logs for suspicious activity. A city spokesperson said they have found no indications their system was compromised and that City Light's particular system "does not have the internet connectivity that would enable this attack to function."

The effects of the hack are still being uncovered as more and more victims are identified across the nation and the globe.

Microsoft President Brad Smith recently spoke with NPR and said: "I think this is one of the most serious cyberattacks we've seen in the past decade. This actor put malware into legitimate software that was then distributed to roughly 18,000 customers around the world - governments, companies and the like. Already we've identified more than 40 organizations, 80% of them in the United States, where they followed up, penetrated the networks, took additional steps."

Russia tops the list of suspects behind the hack, according to top federal government officials.

Full statement sent to KUOW's Paige Browning on the incident from the Seattle Mayor's Office:

City of Seattle IT staff and department staff responded rapidly on Sunday evening (Dec. 13) when FireEye broke the news of an attack against SolarWinds that compromised FireEye infrastructure and many other customers, including several US Federal Agencies. As you likely know, the malicious code in the SolarWinds hack was embedded in a recent update file downloaded by users of the platform, which then would stay dormant on a user’s device for some time before attempting to relay information back to hackers over the internet.

SolarWinds is deployed in several department including Seattle IT (ITD), Seattle City Light (SCL), Seattle Public Utilities (SPU), and Seattle Department of Transportation (SDOT). The versions of SolarWinds in ITD, SPU, SDOT were not vulnerable as we had not yet deployed the newest releases.

Seattle City Light had deployed the newest release, however, the City Light SolarWinds system is on a secured network and does not have the internet connectivity that would enable this attack to function. As information regarding the SolarWinds compromise emerged on Sunday, City Light promptly followed the DHS-CISA guidance to disconnect SolarWinds systems, and has followed all guidance to evaluate their systems and historical logs for the associated indicators of compromise. SCL has found no indications of targeting or compromise of City Light systems related to this threat (past or present), and has applied appropriate mitigations to all systems and cyber security tools.

City of Seattle security staff will continue to monitor the situation and will respond accordingly if additional threat information emerges.