US Power Grid Attack – No Harm Done. This Time

A cybersecurity incident that impacted a US power grid entity earlier this year was not as dangerous as initially thought, the North American Electric Reliability Corporation (NERC) has said. 

In a report highlighting the "lessons learned" from a past incident, NERC said hackers repeatedly caused firewalls to reboot for about ten hours, on March 5, 2019. The incident impacted firewalls deployed at multiple power generation sites operated by a "low-impact" operator and did not cause any disruption in the electric power supply.

The incident only impacted network perimeter firewalls, which, on March 5, were mysteriously going down for periods of up to five minutes. The firewall reboots continued for hours, prompting the power grid operator to start an investigation. 

"Subsequent analysis determined that the reboots were initiated by an external entity exploiting a known firewall vulnerability," NERC said.

The power grid operator eventually discovered that they had failed to apply firmware updates for the firewalls that were under attack. The reboots stopped after the operator deployed the proper patches. 

The operator blamed its failure to apply the firewall security updates on the lack of a proper firmware review process to vet security updates before being deployed. 

Work was being done on standardising such process, but the procedure had not been ready in time, resulting in a bottleneck of firmware updates not being reviewed and deployed. The incident didn't result in a major intrusion; however, NERC intentionally highlighted the March 2019 attacks in order to draw attention to the fact that many companies may not be deploying firmware updates in a timely manner, resulting in security holes being opened on their networks. NERC lays out a series of recommendations on dealing with firewalls and patches in its private report.

Wired:        NERC EENews:

You Might Also Read: 

UK Power Outage - The Cyber Effect?:

Improving Electric Power-Grid Security:

 

 

« 10 Predictions For The IoT Future
EU Crackdown On Cyber Crime »

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

Thursday August 27, 2020: Join SANS and AWS Marketplace to learn how you can leverage solutions to create visibility at scale and allow you to do more with your data and improve your security posture.

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

Use the ‘Find-A-Broker‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

CySec Ice Wall

CySec Ice Wall

CySec Network Data Vault records a full audit trail of all network traffic to enable root cause analysis and forensic investigation.

Red Lambda

Red Lambda

Red Lambda provides cybersecurity software that enables organizations to rapidly identify, visualize, investigate, and understand threat behaviors of both known and unknown, zero-day attacks.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

Detelix Argoscope

Detelix Argoscope

Detelix has developed a unique fraud prevention solution that is based on years of experience in detecting and investigating fraud and embezzlement cases.

ShieldIOT

ShieldIOT

ShieldIOT delivers a complete AI-powered security solution across any IoT device, application and network.

Asia Cybersecurity Exchange (ASIACYBERX)

Asia Cybersecurity Exchange (ASIACYBERX)

ASIACYBERX is a Start-Up Accelerator Program, Cybersecurity Talent Development, Training & Mentorship, Event Coordination, Job Marketplace and Co-working Office for Cybersecurity Start-ups.

BotGuard

BotGuard

BotGuard provides a service to protect your website from malicious bots, crawlers, scrapers, and hacker attacks.