DoS Attack Blamed for U.S. Grid Disruptions: Report
A denial-of-service (DoS) attack has been blamed for disruptions to electrical grid operations in the United States.
According to the National Energy Technology Laboratory’s OE-417 Electric Emergency and Disturbance Report for the first quarter of 2019, a cyber event caused “interruptions of electrical system operations.”
The report shows that the incident impacted an unidentified utility in the region overseen by the Western Electricity Coordinating Council (WECC), which is responsible for compliance monitoring and enforcement in the Western Interconnection, and affected California (Kern County and Los Angeles County), Utah (Salt Lake County) and Wyoming (Converse County).
However, the report shows that the incident did not result in any power outages. The cyber event occurred on March 5; it started at 9:12 AM and systems were restored by 6:57 PM on the same day.
The report does not include any other details, but E&E News, which provides news for energy and environment professionals, learned from an official at the U.S. Department of Energy (DoE) that the disruption involved a DoS attack.
According to E&E News, the attack was not part of a coordinated hacking operation and involved a known DoS vulnerability for which a patch is available. It’s unclear what type of equipment was targeted.
The Electricity Information Sharing and Analysis Center reportedly sent out an alert to inform other utilities of the threat.
Cybersecurity professionals have often warned that DoS vulnerabilities can have a much higher impact in the case of industrial systems compared to IT systems.
“This filing indicates continued tampering with and intrusion into the electrical grid,” Barak Perelman, CEO of industrial cybersecurity firm Indegy, told SecurityWeek. “These types of events underscore the importance of having monitoring systems in place.”
“To detect and protect against malicious activity, both governments and businesses can implement industrial and critical infrastructure security at the network and device level. This has long been the approach used in IT networks, yet we have not applied the same controls to critical infrastructure operations,” Perelman added.
The DoE has invested tens of millions of dollars in cybersecurity in the past year, which is not surprising considering that the energy sector has been an important target for threat actors and the cybersecurity industry has often warned of serious risks.
Reports published last year showed that the energy sector was the most impacted by vulnerabilities in industrial control systems (ICS), and that many internet-connected human-machine interfaces (HMIs) expose energy facilities to attacks.
It was revealed earlier this year that a U.S. energy company received a $10 million fine from the North American Electric Reliability Corporation (NERC) for nearly 130 violations of the Critical Infrastructure Protection (CIP) standards.