Search Results for “Blake Sobczak”


September 9, 2019
Blake Sobczak / E&E News

Cyberattack in Western U.S. Power Grid Enabled by Unpatched Firewalls, No Blackouts Resulted but Grid Control Blind Spots Were Created, NERC

A first-of-its-kind cyberattack that impacted a US power grid entity earlier this year did not cause any blackouts but did create blind spots at a grid control center and several small power generation sites in the western United States, according to a report from the North American Electric Reliability Corporation (NERC). The high-profile attack, which attracted the attention of multiple federal agencies, was enabled by unpatched firewalls and was resolved when the utility in question implemented the necessary patches. A flaw in the victim utility’s firewalls allowed “an unauthenticated attacker” to reboot them over and over again, effectively breaking them, prompting NERC to call on utilities to add additional defenses beyond a firewall.



April 30, 2019
Blake Sobczak / E&E News

A ‘Cyber Event’ Interrupted Power Grid Operations but Did Not Cause Blackouts in California, Utah, and Wyoming on March 5, Remote Hackers or Internal Personnel Could Have Caused It

According to a cryptic report by the Department of Energy, a “cyber event” interrupted grid operations in parts of the western United States on March 5, lasting from 9 am to 7 pm. The report suggests remote hackers interfered with grid networks in California, Utah, and Wyoming, although no power outages occurred. DOE defines a “cyber event” as any disruption to an electrical system or grid communication network “caused by unauthorized access” to hardware, software or data, leaving open the possibility that an employee could have triggered the event. Three power operators would fit the description in the report: Peak Reliability, a Western transmission operator that spans 14 states including Utah, Colorado and California; the Western Area Power Administration, one of four federally owned power marketing organizations in the United States, which similarly maintains grid assets in those three states; and Berkshire Hathaway Energy, through its subsidiaries PacifiCorp and BHE Renewables LLC, although a Berkshire Hathaway representative denied it had such a cyber event.

May 3, 2019
Blake Sobczak / E&E News

DoS Attack Caused The Ten-Hour ‘Cyber Incident’ Disrupting Power Operations in Three States, Unpatched Vulnerability Was a Factor

An anonymous energy company providing power to Utah, Wyoming and Southern California suffered a denial of service attack that did not disrupt power but sent the firm’s systems offline, according to a Department of Energy official. The March 5 “cyber event” lasted almost ten hours, according to a report filed with the Department of Energy by the affected company, but “did not impact generation, the reliability of the grid or cause any customer outages.” The attack apparently stemmed from some form of a known software vulnerability that required a previously published patch to fix. Three electric sector organizations with operations spanning Utah, California, and Wyoming have all denied submitting the original report to the DOE on this incident.

May 6, 2019
Blake Sobczak / E&E News

Sources: DoS Attack That Disrupted Operations of Western Power Utility Disabled Cisco Security Appliances, Likely Caused Loss of Visibility Into SCADA Network

The denial of service attack that disrupted the operations of an anonymous Western utility on March 5 disabled Cisco Adaptive Security Appliance devices ringing power grid control systems and likely caused temporary loss of visibility to certain parts of the utility’s supervisory control and data acquisition (SCADA) system, sources say. It’s not clear if the affected utility lost visibility into its SCADA assets for the full duration of the cyber event, which ran from 9 am to 7 pm, or if the utility completely lost visibility given that many utilities have alternate control systems communications during an emergency. It’s possible attackers found the Cisco firewalls exposed online via specialized internet search tools and weren’t intending to target the utility specifically.

June 14, 2019
Blake Sobczak / E&E News

Dangerous Hacking Group Xenotime Targeting U.S. Power Grid, Other Regions’ Electric Utility Operations, NERC and Dragos

A highly dangerous, notorious hacking group known as “Xenotime” has zeroed in on the U.S. power sector in recent months, according to a nonpublic alert issued this spring by the electric utility industry’s self-regulatory body, North American Electric Reliability Corp. (NERC), and new research conducted by industrial cybersecurity firm Dragos. NERC sounded the alarm on March 1, saying that Xenotime has been spotted hitting U.S. electric utilities with “reconnaissance and potential initial access operations” since late last year. Xenotime, infamous for infecting the safety systems of a Saudi petrochemical plant with highly specialized, life-threatening malware known as Triton two years ago, isn’t known to have broken through to the sensitive controls of U.S. power plants or substations. After hackers “successfully compromised several oil and gas environments,” Xenotime has demonstrated “consistent, direct interest in electric utility operations” spanning North America to the Asia-Pacific region, Dragos said in a blog post.