In May 2021, the Colonial Pipeline ransomware attack shut down fuel distribution across the entire Eastern Seaboard, triggering panic buying and gas shortages from Texas to New Jersey. Months earlier, an attacker breached the Oldsmar, Florida water treatment plant and attempted to increase sodium hydroxide levels to 100 times the safe amount — potentially poisoning the water supply of 15,000 people. These weren't hypothetical scenarios from a cybersecurity textbook. They were real attacks on real critical infrastructure — and they were wake-up calls that many utilities still haven't fully heeded.

For the Tri-Cities region of Northeast Tennessee, where locally operated utilities power homes, businesses, hospitals, and manufacturing plants, the threat to SCADA and industrial control systems is not abstract. It's here, it's growing, and the consequences of inaction could be catastrophic.

The Utilities That Power Tri-Cities

Unlike many metropolitan areas served by a single large utility, the Tri-Cities region relies on a network of locally governed utility providers, each purchasing power from the Tennessee Valley Authority (TVA) and distributing it through their own infrastructure:

Each of these utilities operates Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICS) that manage power distribution, substation automation, water treatment processes, and natural gas pipeline monitoring. These systems are the digital nervous system of our region's infrastructure — and they were never designed with cybersecurity in mind.

Why OT Environments Are Uniquely Vulnerable

Operational Technology (OT) environments — the systems that control physical processes like power generation, water treatment, and gas distribution — face a fundamentally different threat landscape than traditional IT networks. Understanding these differences is critical to defending them:

Legacy Systems That Can't Be Patched

Many SCADA systems in active service today were designed in the 1990s or early 2000s, running on Windows XP, proprietary real-time operating systems, or embedded firmware that hasn't been updated in over a decade. Patching is often impossible without taking critical systems offline — something operators are understandably reluctant to do when the system controls power to 80,000 customers.

The Air-Gap Myth

"Our SCADA systems aren't connected to the internet" is one of the most dangerous assumptions in critical infrastructure security. While true air gaps existed decades ago, modern operational requirements have eroded them. Remote monitoring portals, vendor VPN connections for maintenance, historian servers that bridge OT and IT networks, and even USB drives transferred between environments all create pathways that sophisticated attackers can exploit.

Vendor Remote Access

SCADA vendors routinely require remote access to systems for firmware updates, troubleshooting, and license management. These connections often use shared credentials, lack multi-factor authentication, and remain persistently open rather than being activated only when needed. A compromised vendor becomes a direct pathway into the utility's control systems.

Nation-State Threats: This Is Not Theoretical

The threat to U.S. critical infrastructure from nation-state actors is not speculative — it's documented and ongoing. In 2024 and 2025, CISA issued multiple urgent advisories about Volt Typhoon, a Chinese state-sponsored threat actor that had pre-positioned itself inside U.S. critical infrastructure networks — including utilities, water systems, and transportation — with the capability to disrupt operations during a geopolitical crisis.

Volt Typhoon's tactics are particularly alarming because they emphasize stealth and persistence over immediate destruction. The group uses "living off the land" techniques — leveraging legitimate system tools like PowerShell, WMI, and built-in remote access features — to avoid detection by traditional security tools. Their goal isn't to steal data; it's to maintain long-term access that can be activated as a weapon during a conflict scenario, such as a Taiwan Strait escalation.

Russian-affiliated groups including Sandworm have demonstrated even more destructive capabilities, having successfully caused power outages in Ukraine in 2015 and 2016 by compromising SCADA systems at regional power distribution companies. The attacks resulted in blackouts affecting hundreds of thousands of people — a template that could be applied to any utility operating similar technology.

CISA Director Jen Easterly has stated publicly that "the Chinese cyber threat is the defining threat of our generation" and that every American utility should assume that nation-state actors are already probing their defenses.

The Cascading Impact of a Grid Attack

A successful cyberattack on Tri-Cities utility infrastructure wouldn't just mean the lights go out. The cascading effects would ripple through every sector of the regional economy:

Defending Our Critical Infrastructure

Protecting SCADA and ICS environments requires a specialized approach that differs significantly from traditional IT security. Here's what Tri-Cities utilities and infrastructure operators should prioritize:

OT-Specific Network Monitoring

Deploy monitoring solutions designed specifically for industrial protocols (Modbus, DNP3, IEC 61850, OPC). These tools establish baselines of normal operational behavior and alert on anomalies that could indicate unauthorized commands, reconnaissance activity, or lateral movement within OT networks.
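To make the baseline-and-anomaly idea concrete, here is an added example (not code from the original article or from Blue Ridge Security) that parses Modbus/TCP request frames and checks each one against a learned allowlist of which hosts normally issue which function codes to which unit. The host addresses, the baseline, and the sample frames are all constructed for the example; the alert codes are this example's own names. It flags a write from a host that only ever polled, any traffic from a host that is not in the baseline, the diagnostics function (FC8), and device-identification queries (FC43), which is the kind of reconnaissance and unauthorized-command activity the paragraph describes.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass
from typing import Optional

# Modbus function codes as defined by the protocol specification.
FUNC_NAMES = {1: "READ_COILS", 2: "READ_DISCRETE_INPUTS", 3: "READ_HOLDING_REGISTERS",
              4: "READ_INPUT_REGISTERS", 5: "WRITE_SINGLE_COIL", 6: "WRITE_SINGLE_REGISTER",
              8: "DIAGNOSTICS", 15: "WRITE_MULTIPLE_COILS", 16: "WRITE_MULTIPLE_REGISTERS",
              43: "ENCAPSULATED_INTERFACE"}
READ_FUNCS, WRITE_FUNCS = {1, 2, 3, 4}, {5, 6, 15, 16}

@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    start_address: Optional[int]
    data: bytes

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header, then the PDU (function code + data)."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:          # MBAP length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    function, data = frame[7], frame[8:]
    has_addr = function in READ_FUNCS | WRITE_FUNCS and len(data) >= 2
    start = struct.unpack(">H", data[:2])[0] if has_addr else None
    return ModbusRequest(tid, unit, function, start, data)

def build_frame(tid: int, unit: int, function: int, payload: bytes) -> bytes:
    """Build a Modbus/TCP request frame (used here only to construct sample traffic)."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Learned baseline (constructed): the (unit id, function code) pairs each source host normally issues.
BASELINE = {
    "10.20.1.10": {(1, 3), (1, 4), (2, 3)},   # HMI: polls only
    "10.20.1.11": {(1, 3), (1, 6), (1, 16)},  # engineering workstation: reads and register writes to unit 1
}

def evaluate_request(src_ip: str, frame: bytes) -> list[tuple[str, str]]:
    """Return (alert_code, detail) pairs; an empty list means the request matches the baseline."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return [("MALFORMED_FRAME", f"src={src_ip}: {exc}")]
    fname = FUNC_NAMES.get(req.function, f"FC{req.function}")
    ctx = f"src={src_ip} unit={req.unit_id} func={fname} addr={req.start_address}"
    alerts = []
    allowed = BASELINE.get(src_ip)
    if allowed is None:
        alerts.append(("UNKNOWN_SOURCE", ctx))            # new talker on the OT segment: recon or lateral movement
    if allowed is None or (req.unit_id, req.function) not in allowed:
        if req.function in WRITE_FUNCS:
            alerts.append(("UNEXPECTED_WRITE", ctx))      # a command the baseline never saw from this host
        elif req.function in READ_FUNCS:
            alerts.append(("UNEXPECTED_READ", ctx))
    if req.function == 8:
        alerts.append(("DIAGNOSTIC_COMMAND", ctx))        # FC8 sub-functions can restart comms or force listen-only mode
    if req.function == 43:
        alerts.append(("DEVICE_IDENTIFICATION_QUERY", ctx))  # MEI 0x0E: fingerprinting of PLC vendor and model
    return alerts

# Constructed sample traffic: (source IP, raw frame).
SAMPLE_TRAFFIC = [
    ("10.20.1.10", build_frame(1, 1, 3, struct.pack(">HH", 0, 10))),    # HMI polls 10 holding registers
    ("10.20.1.11", build_frame(2, 1, 6, struct.pack(">HH", 5, 1234))),  # engineering write within baseline
    ("10.20.1.10", build_frame(3, 1, 6, struct.pack(">HH", 5, 9999))),  # HMI writes a register: deviation
    ("10.20.5.77", build_frame(4, 1, 43, bytes([0x0E, 0x01, 0x00]))),   # unknown host reads device identification
    ("10.20.5.77", build_frame(5, 1, 8, struct.pack(">HH", 1, 0))),     # unknown host: restart-communications diagnostic
    ("10.20.5.77", bytes.fromhex("000100000003")),                      # truncated frame
]

def alert_codes(traffic=SAMPLE_TRAFFIC) -> list[list[str]]:
    """Alert codes per sample request, in traffic order."""
    return [[code for code, _ in evaluate_request(src, frame)] for src, frame in traffic]

if __name__ == "__main__":
    for (src, _), codes in zip(SAMPLE_TRAFFIC, alert_codes()):
        print(src, codes or "baseline")
```

A production tool would learn the baseline from weeks of capture rather than a hand-written table, and would key it on more than source and function code (target register ranges, polling intervals, and which engineering workstation is allowed to change which setpoints), but the detection logic is the same: alert on behavior the process has never needed before.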

Network Segmentation Between IT and OT

Implement strict network segmentation with industrial demilitarized zones (DMZs) between corporate IT networks and operational technology networks. All traffic between zones should pass through next-generation firewalls with deep packet inspection configured for industrial protocols. No direct connectivity should exist between the internet and OT systems.
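The zone model in this paragraph can be checked mechanically before a rule set is pushed to the firewalls. The following added example (this page's author and Blue Ridge Security are not its source) models four zones, the conduits the design permits between them, and a list of allow rules; the zone names, ports, and both rule sets are constructed for the example. It reports rules that violate the conduit model, rules that let non-industrial traffic or uninspected traffic into the OT zone, and, by walking the allow rules as a graph, any chain of rules that reaches OT from the internet without passing through the industrial DMZ.

```python
from __future__ import annotations
from collections import deque
from dataclasses import dataclass

# Zone names are this example's own (constructed).
INTERNET, CORP_IT, IDMZ, OT = "internet", "corporate_it", "industrial_dmz", "ot_control"

# Conduits the reference design permits; everything else is a violation (assumed policy).
ALLOWED_CONDUITS = {
    (INTERNET, CORP_IT),
    (CORP_IT, IDMZ), (IDMZ, CORP_IT),
    (IDMZ, OT), (OT, IDMZ),
}
# Industrial protocol ports the OT zone may accept (well-known defaults).
INDUSTRIAL_PORTS = {502: "modbus", 20000: "dnp3", 102: "iec61850-mms", 4840: "opc-ua"}

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    port: int
    dpi: bool = False   # industrial-protocol deep packet inspection enabled on this rule

def rule_violations(rules: list[Rule]) -> list[str]:
    """Per-rule checks against the zone model."""
    out = []
    for r in rules:
        if (r.src, r.dst) not in ALLOWED_CONDUITS:
            out.append(f"{r.name}: conduit {r.src}->{r.dst} is not permitted by the zone model")
        if r.dst == OT and r.port not in INDUSTRIAL_PORTS:
            out.append(f"{r.name}: non-industrial port {r.port} allowed into {OT}")
        if r.dst == OT and not r.dpi:
            out.append(f"{r.name}: traffic into {OT} without protocol inspection")
    return out

def unbrokered_paths(rules: list[Rule], start: str = INTERNET, goal: str = OT,
                     broker: str = IDMZ) -> list[list[str]]:
    """BFS over allow rules; return every zone path from start to goal that never enters the broker zone."""
    adj: dict[str, set[str]] = {}
    for r in rules:
        adj.setdefault(r.src, set()).add(r.dst)
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt in path or nxt == broker:   # skip cycles; paths via the DMZ are the brokered ones we want
                continue
            if nxt == goal:
                paths.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return paths

# Constructed rule sets: one with the weaknesses described above, one corrected.
WEAK_RULES = [
    Rule("inet-to-corp-web", INTERNET, CORP_IT, 443),
    Rule("corp-to-dmz-historian", CORP_IT, IDMZ, 1433),
    Rule("dmz-to-plc-modbus", IDMZ, OT, 502, dpi=True),
    Rule("vendor-vpn-direct", INTERNET, OT, 3389),        # internet straight into OT over RDP
    Rule("corp-rdp-to-ot", CORP_IT, OT, 3389),            # IT to OT bypassing the DMZ
]
HARDENED_RULES = [
    Rule("inet-to-corp-web", INTERNET, CORP_IT, 443),
    Rule("corp-to-dmz-historian", CORP_IT, IDMZ, 1433),
    Rule("dmz-jump-to-ot-modbus", IDMZ, OT, 502, dpi=True),
    Rule("ot-to-dmz-historian", OT, IDMZ, 1433),
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, rule_violations(rules), unbrokered_paths(rules))
```

Running the check on the weak rule set lists three findings for each of the two offending rules and two internet-to-OT paths that skip the DMZ; the hardened set produces no findings and no unbrokered path. The graph walk is the part worth keeping: a single rule can look harmless while the chain it completes does not.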

Regular Vulnerability Assessments

Conduct annual vulnerability assessments of OT environments using methodologies and tools that are safe for industrial systems. Traditional IT vulnerability scanners can crash SCADA processes — OT assessments require specialized expertise and careful coordination with operations teams.

Incident Response Planning with Utility Partners

Develop and rehearse incident response plans that account for OT-specific scenarios: compromised SCADA commands, manipulated sensor readings, loss of visibility into grid status. These plans should be coordinated with TVA, neighboring utilities, CISA, and local emergency management to ensure a unified response.

Vendor Access Management

Implement just-in-time vendor access with multi-factor authentication, session recording, and automatic session termination. No vendor should have persistent, unmonitored access to OT systems. Every remote session should be approved, logged, and reviewed.
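The access pattern described here (approval, MFA, a hard time limit, full logging, and post-session review) can be modeled as a small broker. The example below is added for illustration and is not code from the original article or a Blue Ridge Security product; the vendor, system, and approver names are constructed, and time is injected so the expiry behavior is deterministic. Opening a session requires an approved request and a passed MFA check, the requested duration is clamped to a maximum, every command is logged, a session past its expiry is closed automatically before any further command is accepted, and closed sessions stay on a review queue until someone signs them off.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import secrets

@dataclass
class Session:
    session_id: str
    vendor: str
    target: str
    approved_by: str
    opened_at: datetime
    expires_at: datetime
    commands: list[str] = field(default_factory=list)
    status: str = "active"       # active | expired | terminated
    reviewed: bool = False

class VendorAccessBroker:
    """Just-in-time vendor access: approval and MFA to open, hard expiry, full audit log, review queue."""

    def __init__(self, max_duration: timedelta = timedelta(hours=2)):
        self.max_duration = max_duration
        self.pending: dict[str, dict] = {}
        self.sessions: dict[str, Session] = {}
        self.audit_log: list[tuple[datetime, str]] = []

    def _log(self, now: datetime, msg: str) -> None:
        self.audit_log.append((now, msg))

    def request_access(self, vendor: str, target: str, justification: str, now: datetime) -> str:
        rid = secrets.token_hex(4)
        self.pending[rid] = {"vendor": vendor, "target": target, "approved_by": None}
        self._log(now, f"REQUEST {rid} vendor={vendor} target={target} reason={justification!r}")
        return rid

    def approve(self, rid: str, approver: str, now: datetime) -> None:
        req = self.pending[rid]
        if approver == req["vendor"]:
            raise PermissionError("a vendor cannot approve its own access")
        req["approved_by"] = approver
        self._log(now, f"APPROVE {rid} by={approver}")

    def open_session(self, rid: str, mfa_passed: bool, now: datetime,
                     duration: timedelta | None = None) -> str:
        req = self.pending[rid]
        if req["approved_by"] is None:
            raise PermissionError("access request has not been approved")
        if not mfa_passed:
            self._log(now, f"DENY {rid} mfa_failed")
            raise PermissionError("MFA not satisfied")
        ttl = min(duration or self.max_duration, self.max_duration)   # never longer than policy allows
        sid = secrets.token_hex(8)
        self.sessions[sid] = Session(sid, req["vendor"], req["target"], req["approved_by"], now, now + ttl)
        del self.pending[rid]
        self._log(now, f"OPEN {sid} request={rid} expires={(now + ttl).isoformat()}")
        return sid

    def is_active(self, sid: str, now: datetime) -> bool:
        """Check a session; an overdue session is expired (and logged) on the spot."""
        s = self.sessions[sid]
        if s.status == "active" and now >= s.expires_at:
            s.status = "expired"
            self._log(now, f"EXPIRE {sid}")
        return s.status == "active"

    def record_command(self, sid: str, command: str, now: datetime) -> None:
        if not self.is_active(sid, now):
            raise PermissionError(f"session {sid} is {self.sessions[sid].status}")
        self.sessions[sid].commands.append(command)
        self._log(now, f"CMD {sid} {command}")

    def terminate(self, sid: str, reason: str, now: datetime) -> None:
        s = self.sessions[sid]
        if s.status == "active":
            s.status = "terminated"
            self._log(now, f"TERMINATE {sid} reason={reason}")

    def unreviewed_sessions(self) -> list[str]:
        return [sid for sid, s in self.sessions.items() if s.status != "active" and not s.reviewed]

    def mark_reviewed(self, sid: str, reviewer: str, now: datetime) -> None:
        self.sessions[sid].reviewed = True
        self._log(now, f"REVIEW {sid} by={reviewer}")

def demo() -> dict:
    """Walk one vendor request through the lifecycle with constructed names and a fixed clock."""
    t0 = datetime(2025, 1, 15, 9, 0, tzinfo=timezone.utc)
    broker = VendorAccessBroker(max_duration=timedelta(hours=1))
    rid = broker.request_access("scada-vendor", "substation-rtu-07", "firmware update (ticket placeholder)", t0)
    broker.approve(rid, "ot-supervisor", t0 + timedelta(minutes=5))
    try:                                                    # failed MFA: no session is created
        broker.open_session(rid, mfa_passed=False, now=t0 + timedelta(minutes=6))
        mfa_denied = False
    except PermissionError:
        mfa_denied = True
    sid = broker.open_session(rid, True, t0 + timedelta(minutes=7), duration=timedelta(hours=8))  # clamped to 1h
    broker.record_command(sid, "show firmware version", t0 + timedelta(minutes=10))
    active_mid = broker.is_active(sid, t0 + timedelta(minutes=30))
    active_late = broker.is_active(sid, t0 + timedelta(hours=2))       # past expiry: closed automatically
    try:
        broker.record_command(sid, "load firmware", t0 + timedelta(hours=2, minutes=1))
        late_cmd_blocked = False
    except PermissionError:
        late_cmd_blocked = True
    return {"mfa_denied": mfa_denied, "active_mid": active_mid, "active_late": active_late,
            "late_cmd_blocked": late_cmd_blocked, "status": broker.sessions[sid].status,
            "commands": list(broker.sessions[sid].commands), "pending_review": broker.unreviewed_sessions() == [sid],
            "events": [msg.split()[0] for _, msg in broker.audit_log]}

if __name__ == "__main__":
    print(demo())
```

In a real deployment the broker sits in front of a jump host or privileged-access gateway in the industrial DMZ, the MFA check is performed by the identity provider rather than passed in as a flag, and the audit log feeds the SOC; what carries over is that no session exists without an approver, a second factor, and an expiry.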

Blue Ridge Security: Your OT Security Partner

At Blue Ridge Security, we understand that protecting critical infrastructure requires more than applying IT security practices to OT environments. Our team has direct experience with industrial environments, SCADA systems, and the regulatory frameworks that govern utility operations.

From infrastructure assessments and network segmentation design to 24/7 monitoring through our Guardian SOC and OT-aware penetration testing, we help Tri-Cities utilities and infrastructure operators build defenses that protect our community's most essential services.

Our power grid, our water supply, and our community's safety depend on it. Contact Blue Ridge Security today to discuss how we can help secure the infrastructure that keeps the Tri-Cities running.