Cyberattack Disrupted Firewalls at U.S. Power Utility

A denial-of-service (DoS) attack that caused disruptions at a power utility in the United States earlier this year exploited a known vulnerability in a firewall used by the affected organization.

A quarterly report published last spring by the National Energy Technology Laboratory revealed that a cyber event caused “interruptions of electrical system operations” at an unnamed utility in the western part of the United States. The incident, which occurred on March 5, impacted California, Utah and Wyoming, but it did not result in any power outages.

US power utility’s firewalls disrupted by DoS attack

E&E News, which provides news for energy and environment professionals, learned at the time that the disruption involved a DoS attack that exploited a known vulnerability, but no other details were made available.

E&E has now noticed that a “lesson learned” report from the North American Electric Reliability Corporation (NERC) revealed that the incident involved a vulnerability in the web interface of firewalls used by the impacted organization.

According to the NERC document, an unauthenticated attacker exploited a known vulnerability in the firewalls to trigger a DoS condition that caused the devices to reboot. It’s unclear which company provided the firewalls, but they were apparently internet-facing perimeter devices that “served as the outer layer security.”

The impacted utility still has not been named, but NERC says the DoS attack hit a low-impact control center and multiple remote low-impact generation sites, causing brief communications outages between the control center and the sites, and with the field devices at those sites.

The outages lasted for less than five minutes and the reboots occurred over a 10-hour timeframe.
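As an added illustration, not part of the article or of NERC’s report, the pattern described above (repeated reboots of perimeter firewalls spread over a roughly 10-hour window) is something a defender can flag from the devices’ own logs before handing them to the vendor. The log lines, host names and the “cold start” reboot marker are constructed assumptions, since the report names neither the firewall vendor nor its log format.

```python
import re
from datetime import datetime, timedelta
from collections import defaultdict

# Constructed sample syslog lines (not from the incident): two perimeter
# firewalls, one of which reboots repeatedly within a 10-hour window.
SAMPLE_LOG = """\
2019-03-05T07:58:11Z fw-edge-1 system: configuration saved by admin
2019-03-05T08:12:03Z fw-edge-1 system: cold start, firmware 4.2.1
2019-03-05T08:16:40Z fw-edge-2 system: VPN tunnel site-7 up
2019-03-05T10:41:19Z fw-edge-1 system: cold start, firmware 4.2.1
2019-03-05T13:05:52Z fw-edge-1 system: cold start, firmware 4.2.1
2019-03-05T15:30:07Z fw-edge-2 system: cold start, firmware 4.2.1
2019-03-05T17:49:33Z fw-edge-1 system: cold start, firmware 4.2.1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+system:\s+(.*)$")
REBOOT_MARKER = "cold start"  # assumed marker; real vendors phrase this differently

def parse_reboots(text):
    """Return {host: [timestamps]} for lines that record a device reboot."""
    reboots = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.groups()
        if REBOOT_MARKER in msg:
            reboots[host].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return reboots

def reboot_clusters(reboots, min_reboots=3, window=timedelta(hours=10)):
    """Return (host, count, first, last) for hosts with at least min_reboots
    reboots inside one sliding window. A lone reboot is routine; a cluster
    on an internet-facing firewall is the pattern worth escalating."""
    alerts = []
    for host, times in reboots.items():
        times.sort()
        start, best = 0, None
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1              # slide the window forward
            count = end - start + 1
            if count >= min_reboots and (best is None or count > best[0]):
                best = (count, times[start], times[end])
        if best:
            alerts.append((host, *best))
    return alerts

if __name__ == "__main__":
    for host, n, first, last in reboot_clusters(parse_reboots(SAMPLE_LOG)):
        print(f"{host}: {n} reboots between {first:%H:%M} and {last:%H:%M}")
```

Running it flags fw-edge-1 (four reboots between 08:12 and 17:49) and stays silent on fw-edge-2, whose single reboot is ordinary; tune min_reboots and window to the site’s normal maintenance pattern.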

“After an initial internal investigation, the entity decided that, in order to fully characterize the nature of the reboots and the potential causes, the firewall manufacturer should review logs,” NERC said. “Subsequent analysis determined that the reboots were initiated by an external entity exploiting a known firewall vulnerability. After receiving this notification, the entity initiated their event reporting procedure as dictated by their cybersecurity incident response plan.”

The impacted utility is said to have reviewed its process for deploying firmware updates following the incident, and NERC hopes other energy companies will learn and take steps to prevent such incidents.

NERC has been known to issue fines of millions of dollars to energy firms over cybersecurity issues, but it’s unclear if the organization hit by the DoS attack will be penalized.

Related: Ransomware Causes Disruptions at Johannesburg Power Company

Related: U.S. Planted Powerful Malware in Russia’s Power Grid

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
