lswcap
The North American Electric Reliability Corporation (NERC) reported that it was the first cyberattack against the power grid in the U.S. for a cyberattack using the power grid recorded in the spring of 2019.
On March 5, a cyber attack conducted by someone using the U.S. power grid had a low level of impact on the power management center. NERC explained that there were power outages in the US server power management center and some small power plants. Cyber attacks are disruptive at the site level, but they haven’t had a big impact on the power grid itself. However, this cyber attack drew attention as it was the first destructive cyber attack to be launched against the U.S. power grid.
According to a foreign press, the cyberattack on the power grid shows that the risk of exposure to cyberattacks is increasing as U.S. power companies expand the digitization of control networks critical to power supply. In its report, NERC also describes future measures to ensure that as few devices connect to the Internet as possible.
Two months before the cyberattack on the power grid, a U.S. National Intelligence Service official said that a Russian hacker cut off U.S. power for at least a few hours, affecting 250,000 people, in the same way as a cyber attack on Ukrainian power companies in 2015 and 2016. He also said he warned that he could go crazy. Since then, a bill has been passed in the United States to manually switch control of power infrastructure in preparation for cyber attacks on the power grid.
A malware called CrashOverRide was used in a cyber attack on the Ukrainian power grid. However, it is said that cyberattacks detected in the United States are much simpler and less risky. It is believed that the cyber attack on the U.S. power grid was a by-product caused by an attack on the thin wall portal site used by a private utility. The portal site is part of the power grid in California, Utah and Wyoming, but it is possible that a hacker attacked the portal site without knowing it.
In the attack, an attacker who was not authenticated to the portal site repeatedly restarted the firewall and virtually failed. The firewall was responsible for monitoring the data flowing between the power plant and the official power management center, so every reboot disconnected the power management center from the power plant.
One expert said that there is no evidence that the U.S. power grid has been targeted so far, and that the cyber attack detected this time appears to be the job of a bot searching the Internet in search of vulnerable terminals or immature scripts.
Even if it was a bot and the damage was small, there is no change in the fact that this cyber attack has received the attention of the US government. In fact, several power plants and power management centers suffered a five-minute power outage, and the utility had to recover in the dark. It is not time for a nationwide power outage, but it is clear that it has disrupted general operations.
In addition, NERC, the US Department of Energy, and the US Federal Energy Regulatory Commission refused to disclose public works and details related to the cyber attack on March 5. The reason is that it can threaten the stability of the power grid. U.S. government rules state that utilities do not need to report a power outage unless transmission is interrupted for more than 30 minutes at a major power management center. Therefore, this cyber attack does not apply to power outages set by the government.
Of course, one expert says the biggest problem is the fact that hackers can take advantage of known flaws in firewall interfaces. It is pointed out that even attacks using related specific bugs were disclosed. Related information can be found here .
Add comment