JEA systems back online after cyber attack

Computer experts say attacks difficult to prevent

JACKSONVILLE, Fla. – JEA's website and payment systems are now functioning normally after the site fell victim to a cyber attack that lasted for days.

Spokeswoman Gerri Boyce said customers have successfully transacted with both the website and payment systems since about 9 p.m. Tuesday.

She said there is no evidence of a breach of JEA electric and water systems or customer information as a result of the event.

JEA has suspended disconnections for non-payment Wednesday as an additional consideration for customers, Boyce said. The orders will begin processing Thursday.

Payments are accepted online, by phone at 904-665-6000, at Winn-Dixie and the Tax Collector's Offices, as well as more than 140 neighborhood authorized payment locations.

Boyce said at this time, JEA does not know the origin of the attack. She said the utility has engaged a third-party expert to help scrub and block bad Internet traffic so it does not affect the company's servers. Doing so will add another level of security, Boyce said.

JEA's website, Internet communications and automated phone systems were down since midnight Sunday due to what the city-owned utility called a denial-of-service attack.

Boyce said JEA.com had been inundated with data, and visits to the website returned various error messages, including that there were network connectivity problems or the site was unavailable or too busy. Company emails were also affected.

The attack had also taken down JEA's email and automated phone systems.

The cyber attack was likely not an elaborate scheme masterminded by a computer hacker. Instead, computer experts say denial of service, or DOS, attacks can be purchased online as a service, and the price for a day is comparable to the price of a tank of gas.

"They could get it as cheap as $9 an hour or less than $70 a day to have access to plenty of tools to take down a company," said Phillip Graves, whose company Antisyn provides IT support for businesses.

Graves said DOS attacks are hard to prevent because the attack comes from so many computers. In JEA's case, its servers were flooded with data from various sources, and preventing such a thing from happening can be very expensive.

"It can be hundreds of thousands of dollars, or millions of dollars, depending on the size of the business," Graves said. "There are things they can do to prevent issues."

Other utility companies are taking extra precautions.

Clay Electric said in a statement: "We take IT seriously, and we are working on an ongoing basis to minimize cyber attacks. What happened to JEA is a reminder of how dependent people are on online customer service, and the importance of maintaining our commitment to cyber security."

Computer experts say it's not only the major companies like JEA being targeted. Even small businesses are falling victim.

"It is rather common," said Murat Al, a computer professor at the University of North Florida. "Such attacks are easy to launch. Anyone could do that."

Al says the motive behind the cyber attacks vary and are sometimes impossible to determine.

"A script kiddie, for example, has the motivation to have fun by attacking bigger and bigger companies maybe by performing any attack just to cause harm," Al said. "We could have here spies who are interested in such a facility like JEA."