Author: Mark Stone
On Mar 5, 2019, a cyber attack interrupted operations at a grid control center and a few small power generation sites in California, Utah and Wyoming. The attack was short-lived and didn't have much of an impact—it didn't affect any customers and didn't cause any blackouts. Signal outages at the control center lasted no longer than five minutes.
Even so, the power grid attack—the first known cyber attack on a power grid in the US—was significant enough for the undisclosed utility to report it to the US Department of Energy, and it's a harbinger of a potentially growing threat to the energy industry.
How did it happen?
The attack, which lasted about 10 hours, exploited a known vulnerability in a vendor's firewall web interface. The vulnerability allowed the attacker to repeatedly reboot the devices, causing a denial of service that broke the firewalls and disrupted communication between the control center and several remote generation sites and between equipment at those sites.
Analysis determined that the utility neglected to install a firmware update patch to fix the known vulnerability.
Identification and management
Once utility operators determined that they had failed to update their firewall firmware, they applied the patch, fixing the vulnerability and bringing the firewalls back online.
After asking the firewall vendor to review the situation, the utility reviewed how it assesses and implements firmware updates and developed more efficient procedures for vendor updates.
The threat actors
The attack wasn't disastrous, but it could have been. Reid Wightman, a senior vulnerability analyst at the industrial cybersecurity firm Dragos, told E&E News that there was no evidence that the utility was specifically targeted. He suggests that the attacker was likely either an amateur hacker or an automated bot trawling the internet for vulnerable devices.
Still, the event draws attention to the growing threat cyber attacks pose to the energy sector. Two months before the attack, then-US Director of National Intelligence Dan Coats reminded the US about cyber attacks on Ukrainian utilities in 2015 and 2016 and warned that Russian hackers were capable of disrupting electric grids.
Protecting against grid cyber attacks
To protect against a power grid attack, the North American Electric Reliability Corporation recommends the following robust cybersecurity policies and procedures:
- Monitor vendor firmware releases and review them as quickly as possible
- Perform sandbox testing (i.e., test patches and new devices in a non-production environment)
- Deploy as few internet-facing devices as possible
- Use virtual private networks
- Segment and separate your network to reduce the impact of a breach
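The first and third recommendations above are the two controls that would have caught this incident: knowing which firewalls run firmware older than the vendor's fix, and knowing which of them expose a management interface to the internet. The following script is an added example, not Verizon's or NERC's code, that audits a device inventory against vendor advisories and ranks the findings. The vendor names, models, firmware versions and advisory data are constructed for illustration, and the version comparison assumes plain dotted numeric version strings.

```python
"""Firmware patch and exposure audit for perimeter firewalls (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    name: str
    vendor: str
    model: str
    firmware: str
    mgmt_internet_facing: bool  # management web interface reachable from the internet


@dataclass(frozen=True)
class Finding:
    device: str
    issue: str      # "outdated_firmware" or "exposed_management"
    severity: str   # "critical" or "high"
    detail: str


SEVERITY_RANK = {"critical": 0, "high": 1}

# Constructed vendor advisory: (vendor, model) -> first firmware version containing the fix.
# Hypothetical vendor and model names; not a real product or advisory.
ADVISORIES = {
    ("ExampleVendor", "FW-100"): "4.2.1",
}

# Constructed asset inventory for a control center and three remote generation sites.
INVENTORY = [
    Device("cc-fw-01", "ExampleVendor", "FW-100", "4.1.7", mgmt_internet_facing=True),
    Device("site-a-fw", "ExampleVendor", "FW-100", "4.2.1", mgmt_internet_facing=False),
    Device("site-b-fw", "ExampleVendor", "FW-100", "4.2.0", mgmt_internet_facing=False),
    Device("site-c-fw", "OtherVendor", "X9", "2.0", mgmt_internet_facing=True),
]


def parse_version(version: str) -> tuple:
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically, not lexically.

    Assumes dotted numeric versions; a vendor's real scheme may need its own parser.
    """
    return tuple(int(part) for part in version.strip().split("."))


def audit(inventory, advisories):
    """Return findings for devices behind the vendor fix or exposing management to the internet."""
    findings = []
    for dev in inventory:
        fixed_in = advisories.get((dev.vendor, dev.model))
        # Outdated firmware is worse when the vulnerable interface is internet-facing.
        if fixed_in is not None and parse_version(dev.firmware) < parse_version(fixed_in):
            severity = "critical" if dev.mgmt_internet_facing else "high"
            findings.append(Finding(
                dev.name, "outdated_firmware", severity,
                f"running {dev.firmware}; vendor fix available since {fixed_in}",
            ))
        # Internet-facing management is a finding on its own, patched or not.
        if dev.mgmt_internet_facing:
            findings.append(Finding(
                dev.name, "exposed_management", "high",
                "management interface reachable from the internet; place behind a VPN",
            ))
    # Most severe first, then by device name so the report is stable run to run.
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.device, f.issue))
    return findings


def summarize(findings):
    """Count findings per severity for a quick status line."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(INVENTORY, ADVISORIES)
    for f in results:
        print(f"[{f.severity.upper():8}] {f.device}: {f.issue} ({f.detail})")
    print("summary:", summarize(results))
```

In practice the inventory would come from an asset database and the advisory table from the vendor's release feed; the point of the script is that a device which is both unpatched and internet-facing, the combination behind the 2019 incident, lands at the top of the list rather than buried among routine patch backlog.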
How Verizon can help
Making the right security investments is all about visibility. With Cyber Risk Monitoring, you get a 360-degree view of your security landscape that includes insight into emerging attacks, known vulnerabilities in your infrastructure, and even threats from third parties connected to your network. By integrating our intelligence with multiple security data sources, you can aggregate, display and store information in a way that's easy to understand.
As a leader in cybersecurity, we track over 61 billion events on average every year. With this insight, you can develop a focused action plan for your security environment and prioritize spending where it matters most.
Learn more about data breaches in the energy and utility sector and why cybersecurity plays an essential role in the industry.
The author of this content is a paid contributor for Verizon.