US Electric Grid Suffers Unexplained DDoS Attack

A recent cyber disruption to the US grid involved a "denial of service condition" at a Western utility, according to the US  Department of Energy official. On March 5, an unidentified power company fell victim to a "cyber event" that interfered with operations but stopped short of causing blackouts, according to a DOE recent filing.

A DOE official confirmed on May 1st that the event "did not impact generation, the reliability of the grid or cause any customer outages." as reported to the industry journal E&ENews.

But the denial-of-service attack was significant enough for the utility to file an electric disturbance report with DOE, the same forms reserved for major interruptions like storms, physical attacks or fuel shortages.

Denial-of-service, or DOS, cyber-attacks overwhelm target networks with bogus traffic, making it difficult for victim computers to operate normally. Distributed-denial-of-service (DDOS) attacks harness the power of hacked "botnets" of computers to throw at hackers' targets, while rarer telephony-denial-of-service (TDOS) events seek to block incoming and outgoing calls.

In December 2015, suspected Russian hackers used stolen login credentials and a TDOS attack to hit three distribution utilities in Ukraine, briefly cutting the lights to about a quarter-million people in a first-of-its-kind cyberattack.

The March event doesn't appear to be part of such a coordinated hacking campaign, based on the limited information disclosed by DOE and several organizations in the anonymous utility's service area of Utah, Wyoming and Southern California. Still, a malicious cyber event wasn't previously known to have interfered with US grid operations, making the March 5 disclosure significant.

The DOS event took advantage of a known software vulnerability that required a previously published patch to fix, according to the DOE official.

In other words, with a patch in hand, it wouldn't have been difficult for power companies to identify and update any computer systems potentially at risk. DOE didn't clarify which equipment, whether routers, work stations or even phones, were affected by the denial of service.

Denial-of-service attacks frequently target internet-facing devices or services, one record-setting DDOS interrupted access to popular sites like Twitter and Grubhub in fall 2016. 

In order for a DOS to have triggered an electric disturbance alert, it likely would have hit something more significant, but still externally facing, industry sources speculated: perhaps firewalls or routers on the boundary of a grid network.

While a cyberattack on such equipment wouldn't disrupt the flow of electricity, it could force operators to pause or redirect certain activities at affected facilities to allow for an investigation. The Electricity Information Sharing and Analysis Center, the electric sector's hub for getting the word out on the latest threats and vulnerabilities, issued an alert with information to mitigate the threat, according to multiple sources.

The DOS event reflects a concerning uptick in attacks, sophisticated or not, targeting critical infrastructure facilities worldwide, according to Lior Frenkel, CEO and co-founder of industrial cybersecurity firm Waterfall Security Solutions. Tools once exclusively available to nation-state hacking teams have passed into the hands of criminal organisations and the general public, he observed. Grid cyber events like that of March 5 "are bound to happen at an increasing rate," he warned. "Targets need to understand the world has changed."

The utility targeted in the March 5 DOS attack hasn't been identified.State utility regulators in Wyoming, Utah and California have all declined to share additional details or failed to respond to requests for comment.

The Western Electricity Coordinating Council, the regional grid overseer for the four counties listed in the vague DOE filing, said via a spokeswoman that "we do not comment about individual entities."

Federal officials have been similarly tight-lipped. The North American Electric Reliability Corp., which manages the industry's threat information sharing center, has yet to comment on the case, while the Department of Homeland Security deferred comment to DOE. The Federal Energy Regulatory Commission said it was aware of the case but declined further comment.

EENews

You Might Also Read:

America Remains Vulnerable To Cyber Attack:

 

 

« What Can We Do About Increasing Complexity In Cybersecurity?
Has President Trump Lost The Cyber Plot? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

DXC Technology

DXC Technology

DXC Technology helps global companies run their mission critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability.

BlueKrypt

BlueKrypt

BlueKrypt is a consulting firm for the security of IT systems and their management.

SHIELD

SHIELD

SHIELD is an established end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

Whistic

Whistic

Whistic is a cloud-based platform that uses a unique approach to address the challenges of third-party risk management.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Hunter Strategy

Hunter Strategy

Hunter Strategy focuses on delivering solutions that are concise, scalable, and target our customer’s complex technical challenges.

DeVry University - Cyber Security Degree

DeVry University - Cyber Security Degree

Explore the dynamic world of data protection with a hybrid or online cyber security degree specialization with DeVry's IT & Networking Bachelor's Degree.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

eaziSecurity

eaziSecurity

eaziSecurity has built an eco-system of technology and services that bring enterprise scale security solutions to the SME marketplace.

PreVeil

PreVeil

We started PreVeil to bring radically better security to ordinary business and personal communication and information storage.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.