Hydro One remains staunch that their internal cyber security teams have confirmed that the electricity distributor’s grid was never compromised.

An IP address belonging to Hydro One was among hundreds identified by U.S. Homeland Security and the FBI as a potential target of Russian malicious cyber-activity.

The U.S. government recently released a list of hundreds of affected IP addresses worldwide after it investigated allegations of direct hacking from Russia against Hillary Clinton’s campaign and the Democratic Party.

An investigation by CTV News Toronto revealed that an IP address belonging to Hydro One was one of 900 addressed potentially targeted by such malicious hacking. The address was set up back in 1990 by what was then known as Ontario Hydro, the company that preceded Hydro One.

The findings indicate Russia may have downloaded malicious software onto computers located at Hydro One unbeknownst to the company. Russia has denied any involvement in a hacking scheme.

In a statement issued to CTV News Toronto, Hydro One’s chief security officer, Rick Haier, said the RCMP informed them of the potential threat on Dec. 29 – the same day the FBI released its report of affected IP addresses.

“We have been made aware of this issue and at this time we can confirm that the address in question is not an active IP address at Hydro One nor is it connected to the power system,” Haier said in the statement. “There is no reason to believe that our power system has been compromised.”

“A wake-up call”

Carmi Levi, a technology analyst with CTV News, called the incident “very significant.”

“It means whatever security processes are being used to secure that particular IP address or the hardware or the laptop associated with that address are absolutely inadequate. If they can be breached by a hacker and compromised in some way, someone isn’t doing his or her full job when it comes to security.”

Levi said though it is very difficult to single out where exactly the cyber threat derived from, the identification of a Canadian IP address in the U.S. government’s list should be considered “concerning” for more than just the hydro company.

“It’s safe to call this a wakeup call simply because up until now we might have assumed that these systems were absolutely invulnerable to this kind of thing but what we’re seeing here suggest that nothing is invulnerable and even an entity that has previously been seen as invulnerable is absolutely not,” he said.

“If a large utility can be compromised it basically means anyone or anything can be compromised – even if you’re an individual with one laptop working out of your home. Anyone is potentially targetable in this way, we should all be concerned, this touches all of us.”

Similarly, an electricity company in Vermont – The Burlington Electric Department – confirmed last week that one of its computers had also been found to contain malicious Russian malware code.

With files from Paul Bliss.