Report Reveals Play-By-Play of First U.S. Grid Cyberattack:
A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted yesterday from the North American Electric Reliability Corp.
The unprecedented cyber disruption this spring did not cause any blackouts, and none of the signal outages at the "low-impact" control center lasted for longer than five minutes, NERC said in the "Lesson Learned" document (pdf) posted to the grid regulator's website.
But the March 5 event was significant enough to spur the victim utility to report it to the Department of Energy, marking the first disruptive "cyber event" on record for the U.S. power grid (Energywire, April 30).
The case offered a stark demonstration of the risks U.S. power utilities face as their critical control networks grow more digitized and interconnected — and more exposed to hackers. "Have as few internet facing devices as possible," NERC urged in its report.
[...] "So far, I don't see any evidence that this was really targeted," said Reid Wightman, senior vulnerability analyst at industrial cybersecurity firm Dragos Inc. "This was probably just an automated bot that was scanning the internet for vulnerable devices, or some script kiddie," he said, using a term for an unskilled hacker.
Nevertheless, the case turned heads at multiple federal agencies, collectively responsible for keeping the lights on in the face of an onslaught of cyber and physical threats. The blind spots would have left grid operators in the dark for five-minute spans — not enough time to risk power outages but still posing a setback to normal operations.
[...] Wightman said the "biggest problem" was the fact that hackers were able to successfully take advantage of a known flaw in the firewall's interface.
"The advisory even goes on to say that there were public exploits available for the particular bug involved," he said. "Why didn't somebody say, 'Hey, we have these firewalls and they're exposed to the internet — we should be patching?'"
Large power utilities are required to check for and apply fixes to sensitive grid software that could offer an entry point for hackers. NERC declined comment on whether the March 5 incident would lead to any enforcement actions, though the nonprofit has levied multimillion-dollar cybersecurity fines against power companies in the recent past. Late last month, NERC announced it had reached a $2.1 million penalty settlement with an unnamed utility — also based out West — over a spate of cybersecurity violations dating back to 2009. Fines for breaking critical infrastructure protection rules are reported to FERC for final approval.
Couldn't help but be reminded of the WOPR and "Let's play Global Thermonuclear War!"
(Score: -1, Troll) by Anonymous Coward on Monday September 09 2019, @12:42PM
0 comments means we're going to need a bigger nigger.
(Score: 2) by All Your Lawn Are Belong To Us on Monday September 09 2019, @02:05PM
Not Live Free or Die Hard?
This sig for rent.
(Score: 0) by Anonymous Coward on Monday September 09 2019, @04:04PM
> A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites
>"So far, I don't see any evidence that this was really targeted," said Reid Wightman, senior vulnerability analyst at industrial cybersecurity firm Dragos Inc. "This was probably just an automated bot that was scanning the internet for vulnerable devices, or some script kiddie," he said, using a term for an unskilled hacker.
So ... some script kiddies cause a disruption in the monitoring systems for power generation and distribution (grid control) and they aren't freaking out? What happens when someone actually tries to do something?
(Score: 3, Insightful) by lentilla on Monday September 09 2019, @04:18PM
Why didn't somebody say? I am sure they did - although the statement probably sounded closer to: "only an idiot would connect the grid to the Internet - don't be an idiot". At some point, expert advice having been repeatedly ignored, the only recourse is to say "We told you this would happen" when the inevitable occurs.