Cyberattack Disrupted Firewalls at U.S. Power Utility

A denial-of-service (DoS) attack that caused disruptions at a power utility in the United States earlier this year exploited a known vulnerability in a firewall used by the affected organization.

A quarterly report published last spring by the National Energy Technology Laboratory revealed that a cyber event caused “interruptions of electrical system operations” at an unnamed utility in the western part of the United States. The incident, which occurred on March 5, impacted California, Utah and Wyoming, but it did not result in any power outages.

E&E News, which provides news for energy and environment professionals, learned at the time that the disruption involved a DoS attack that exploited a known vulnerability, but no other details were made available.

E&E has now noticed that a “lesson learned” report from the North American Electric Reliability Corporation (NERC) revealed that the incident involved a vulnerability in the web interface of firewalls used by the impacted organization.

According to the NERC document, an unauthenticated attacker exploited a known vulnerability in the firewalls to trigger a DoS condition that caused the devices to reboot. It’s unclear which company provided the firewalls, but they were apparently internet-facing perimeter devices that “served as the outer layer security.”

The impacted utility still has not been named, but NERC says the DoS attack hit a low-impact control center and multiple remote low-impact generation sites, causing brief communications outages between the control center and the sites, and between the sites and the field devices located at them.

The outages lasted for less than five minutes and the reboots occurred over a 10-hour timeframe.
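The pattern NERC describes, repeated reboots of the same perimeter devices spread over roughly ten hours with each outage lasting only minutes, is the kind of signal a utility can pick out of its own device logs before a vendor is called in. The following added example (not from the NERC report or the utility) parses constructed syslog-style restart and startup lines, measures each outage, and flags any device with three or more unexpected restarts inside a sliding window; the device names, log format and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "fw-edge1" restarts repeatedly, "fw-edge2" once.
SAMPLE_LOGS = """\
2019-03-05T01:12:04 fw-edge1 system: unexpected restart, reason=crash
2019-03-05T01:15:40 fw-edge1 system: startup complete
2019-03-05T03:48:11 fw-edge1 system: unexpected restart, reason=crash
2019-03-05T03:51:02 fw-edge1 system: startup complete
2019-03-05T06:02:57 fw-edge1 system: unexpected restart, reason=crash
2019-03-05T06:07:30 fw-edge1 system: startup complete
2019-03-05T09:30:00 fw-edge2 system: unexpected restart, reason=crash
2019-03-05T09:33:10 fw-edge2 system: startup complete
"""

def parse_events(text):
    """Return {device: [(timestamp, 'down'|'up'), ...]} from the log text."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, device, msg = line.split(" ", 2)
        when = datetime.fromisoformat(ts)
        if "unexpected restart" in msg:
            events[device].append((when, "down"))
        elif "startup complete" in msg:
            events[device].append((when, "up"))
    return events

def outage_durations(events):
    """Pair each 'down' with the following 'up'; return outage lengths per device."""
    durations = defaultdict(list)
    for device, evs in events.items():
        down_at = None
        for when, kind in sorted(evs):
            if kind == "down":
                down_at = when
            elif kind == "up" and down_at is not None:
                durations[device].append(when - down_at)
                down_at = None
    return durations

def flag_reboot_storms(events, min_reboots=3, window=timedelta(hours=10)):
    """Flag devices with >= min_reboots unexpected restarts inside one window."""
    flagged = {}
    for device, evs in events.items():
        downs = sorted(t for t, k in evs if k == "down")
        for start in downs:
            n = sum(1 for t in downs if start <= t <= start + window)
            if n >= min_reboots:
                flagged[device] = max(flagged.get(device, 0), n)
    return flagged
```

A single short reboot looks like noise; the per-device count over a long window is what separates an exploitation campaign from a one-off crash, which is why the detector keys on both.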

“After an initial internal investigation, the entity decided that, in order to fully characterize the nature of the reboots and the potential causes, the firewall manufacturer should review logs,” NERC said. “Subsequent analysis determined that the reboots were initiated by an external entity exploiting a known firewall vulnerability. After receiving this notification, the entity initiated their event reporting procedure as dictated by their cybersecurity incident response plan.”

The impacted utility is said to have reviewed its process for deploying firmware updates following the incident, and NERC hopes other energy companies will learn and take steps to prevent such incidents.

NERC has been known to issue fines of millions of dollars to energy firms over cybersecurity issues, but it’s unclear if the organization hit by the DoS attack will be penalized.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.