Cyber-security incident at US power grid entity linked to unpatched firewalls
Cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted from the North American Electric Reliability Corp.
The North American Electric Reliability Corporation or NERC revealed last week that the U.S. grid suffered an unprecedented cyberattack this spring, though it did cause any blackouts in affected areas in the western United States.
In its “Lesson Learned” report, the NERC said the March 5 attack caused signal outages at the grid’s “low-impact” control center, but they did not last longer than five minutes. The energy watchdog presented its findings to the Department of Energy on what it considers the first disruptive “cyber event” to have victimized the U.S. power grid.
The case offered a stark demonstration of the risks U.S. power utilities face as their critical control networks grow more digitized and interconnected — and more exposed to hackers. “Have as few internet facing devices as possible,” NERC urged in its report.
Large power utilities are required to check for and apply fixes to sensitive grid software that could offer an entry point for hackers. NERC declined comment on whether the March 5 incident would lead to any enforcement actions, though the nonprofit has levied multimillion-dollar cybersecurity fines against power companies in the recent past. Late last month, NERC announced it had reached a $2.1 million penalty settlement with an unnamed utility — also based out West — over a spate of cybersecurity violations dating back to 2009. Fines for breaking critical infrastructure protection rules are reported to FERC for final approval.
Reference:
Contact Us
Learn more about what Techcess CyberSecurity Group can do for your business.
1-833-TXCYBER
1-833-892-9237
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055
Techcess CyberSecurity Group
Houston, Texas 77055