Search Results for “Blake Sobczak”


May 3, 2019
Blake Sobczak / E&E News

DoS Attack Caused The Ten-Hour ‘Cyber Incident’ Disrupting Power Operations in Three States, Unpatched Vulnerability Was a Factor

An anonymous energy company providing power to Utah, Wyoming and Southern California suffered a denial of service attack that did not disrupt power but sent the firm’s systems offline, according to a Department of Energy official. The March 5 “cyber event” lasted almost ten hours, according to a report filed with the Department of Energy by the affected company, but “did not impact generation, the reliability of the grid or cause any customer outages.” The attack apparently stemmed from some form of a known software vulnerability that required a previously published patch to fix. Three electric sector organizations with operations spanning Utah, California, and Wyoming have all denied submitting the original report to the DOE on this incident.

April 30, 2019
Blake Sobczak / E&E News

A ‘Cyber Event’ Interrupted Power Grid Operations but Did Not Cause Blackouts in California, Utah, and Wyoming on March 5, Remote Hackers or Internal Personnel Could Have Caused It

According to a cryptic report by the Department of Energy, a “cyber event” interrupted grid operations in parts of the western United States on March 5, lasting from 9 am to 7 pm. The report suggests remote hackers interfered with grid networks in California, Utah, and Wyoming, although no power outages occurred. DOE defines a “cyber event” as any disruption to an electrical system or grid communication network “caused by unauthorized access” to hardware, software or data, leaving open the possibility that an employee could have triggered the event. Three power operators would fit the description in the report: Peak Reliability, a Western transmission operator that spans 14 states including Utah, Colorado and California; the Western Area Power Administration, one of four federally owned power marketing organizations in the United States, which similarly maintains grid assets in those three states; and Berkshire Hathaway Energy, through its subsidiaries PacifiCorp and BHE Renewables LLC, although a Berkshire Hathaway representative denied it had such a cyber event.

June 14, 2019
Blake Sobczak / E&E News

Dangerous Hacking Group Xenotime Targeting U.S. Power Grid, Other Regions’ Electric Utility Operations, NERC and Dragos

A highly dangerous, notorious hacking group known as “Xenotime” has zeroed in on the U.S. power sector in recent months, according to a nonpublic alert issued by the electric utility industry’s self-regulatory body North American Electric Reliability Corp. (NERC) this spring and new research conducted by industrial cybersecurity firm Dragos. NERC sounded the alarm on March 1, saying that Xenotime has been spotted hitting U.S. electric utilities with “reconnaissance and potential initial access operations” since late last year. Xenotime, infamous for infecting the safety systems of a Saudi petrochemical plant with highly specialized, life-threatening malware known as Triton two years ago, isn’t known to have broken through to the sensitive controls of U.S. power plants or substations. After hackers “successfully compromised several oil and gas environments,” Xenotime has demonstrated “consistent, direct interest in electric utility operations” spanning North America to the Asia-Pacific region, Dragos said in a blog post.

Related: Dragos, Wired

Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas
THE HIGHLY DANGEROUS ‘TRITON’ HACKERS HAVE PROBED THE US GRID


May 6, 2019
Blake Sobczak / E&E News

Sources: DoS Attack That Disrupted Operations of Western Power Utility Disabled Cisco Security Appliances, Likely Caused Loss of Visibility Into SCADA Network

The denial of service attack that disrupted the operations of an anonymous Western utility on March 5 disabled Cisco Adaptive Security Appliance devices ringing power grid control systems and likely caused temporary loss of visibility to certain parts of the utility’s supervisory control and data acquisition (SCADA) system, sources say. It’s not clear if the affected utility lost visibility into its SCADA assets for the full duration of the cyber event, which ran from 9 am to 7 pm, or if the utility completely lost visibility, given that many utilities have alternate control system communications during an emergency. It’s possible attackers found the Cisco firewalls exposed online via specialized internet search tools and weren’t intending to target the utility specifically.

September 9, 2019
Blake Sobczak / E&E News

Cyberattack in Western U.S. Power Grid Enabled by Unpatched Firewalls, No Blackouts Resulted but Grid Control Blind Spots Were Created, NERC

A first-of-its-kind cyberattack that impacted a US power grid entity earlier this year did not cause any blackouts but did create blind spots at a grid control center and several small power generation sites in the western United States, according to a report from the North American Electric Reliability Corporation (NERC). The high-profile attack, which attracted the attention of multiple federal agencies, was enabled by unpatched firewalls and was resolved when the utility in question implemented the necessary patches. A flaw in the victim utility’s firewalls allowed “an unauthenticated attacker” to reboot them over and over again, effectively breaking them, prompting NERC to call on utilities to add additional defenses beyond a firewall.

Tweets: @howelloneill @langnergroup


November 2, 2019
Blake Sobczak / E&E News

Known Weakness in Cisco Firewalls Led to Electrical System Operations Interruption at Renewable Energy Firm sPower

In the first confirmed “cyber incident” known to have caused “interruptions of electrical system operations,” Salt Lake City renewable energy developer sPower suffered a “denial of service” attack on March 5 that left grid operators temporarily blinded to generation sites totaling 500 megawatts, according to documents obtained by E&E News under the Freedom of Information Act. The incident briefly cut contact to a dozen wind and solar farms. The attack took advantage of a known weakness in Cisco firewalls, which triggered a series of five-minute communications outages over a span of about 12 hours, according to an emergency report the company filed with the U.S. Department of Energy at the time. In September, North American Electric Reliability Corp. (NERC) posted a document revealing that the attack created blind spots at a grid control center. Still, it has not been known until now which company was involved.