Report Reveals Play-By-Play of First U.S. Grid Cyberattack

by chromas from SoylentNews on (#4PXJW)

martyb writes:

Report Reveals Play-By-Play of First U.S. Grid Cyberattack:

A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted yesterday from the North American Electric Reliability Corp.

The unprecedented cyber disruption this spring did not cause any blackouts, and none of the signal outages at the "low-impact" control center lasted for longer than five minutes, NERC said in the "Lesson Learned" document (pdf) posted to the grid regulator's website.

But the March 5 event was significant enough to spur the victim utility to report it to the Department of Energy, marking the first disruptive "cyber event" on record for the U.S. power grid (Energywire, April 30).

The case offered a stark demonstration of the risks U.S. power utilities face as their critical control networks grow more digitized and interconnected - and more exposed to hackers. "Have as few internet facing devices as possible," NERC urged in its report.

[...] "So far, I don't see any evidence that this was really targeted," said Reid Wightman, senior vulnerability analyst at industrial cybersecurity firm Dragos Inc. "This was probably just an automated bot that was scanning the internet for vulnerable devices, or some script kiddie," he said, using a term for an unskilled hacker.

Nevertheless, the case turned heads at multiple federal agencies, collectively responsible for keeping the lights on in the face of an onslaught of cyber and physical threats. The blind spots would have left grid operators in the dark for five-minute spans - not enough time to risk power outages but still posing a setback to normal operations.

[...] Wightman said the "biggest problem" was the fact that hackers were able to successfully take advantage of a known flaw in the firewall's interface.

"The advisory even goes on to say that there were public exploits available for the particular bug involved," he said. "Why didn't somebody say, 'Hey, we have these firewalls and they're exposed to the internet - we should be patching?'"

Large power utilities are required to check for and apply fixes to sensitive grid software that could offer an entry point for hackers. NERC declined comment on whether the March 5 incident would lead to any enforcement actions, though the nonprofit has levied multimillion-dollar cybersecurity fines against power companies in the recent past. Late last month, NERC announced it had reached a $2.1 million penalty settlement with an unnamed utility - also based out West - over a spate of cybersecurity violations dating back to 2009. Fines for breaking critical infrastructure protection rules are reported to FERC for final approval.

Couldn't help but be reminded of the WOPR and "Let's play Global Thermonuclear War!"
