"Cyber attack against power grid" also occurred in the United States
The North American Power Reliability Council (NERC) reports that the cyber attack against the power grid recorded in the spring of 2019 is the first cyber attack on the power grid in the United States.
Lesson Learned: Risks Posed by Firewall Firmware Vulnerabilities (PDF file)
https://www.eenews.net/assets/2019/09/06/document_ew_02.pdf
SECURITY: Report reveals play-by-play of first US grid cyberattack - Friday, September 6, 2019 - www.eenews.net
A cyber attack carried out against the US power grid on March 5, 2019 had a “low-level impact” on a power management center. NERC explains that a power outage occurred at a power management center in the US and at several small power plants. Although the cyber attack caused confusion at the field level, there was no impact on the power grid itself, and no power outages occurred. However, this cyber attack attracted great attention as the first destructive cyber attack carried out against the US power grid.
E&E News, which covers energy-related news, said, “This cyber attack on the power grid will increase the risk that American power companies will be exposed to cyber attacks by expanding the digitization of control networks that are important for power supply.” In fact, NERC wrote in its report that “the number of devices connected to the Internet will be as small as possible” and set out what will be done in the future.
Two months before the cyber attack on the power grid, U.S. Secretary of State Dan Coats had warned that Russian hackers could shut down US electricity for “at least a few hours,” as in the cyber attacks on Ukrainian power companies in 2015 and 2016, and that this could affect 250,000 people.
Since then, the US has passed a bill to switch the control of the power infrastructure to manual in preparation for cyber attacks on the power grid.
A bill to switch power infrastructure control to "manual" in preparation for cyber attacks is passed in the United States - gigazine
The cyber attack on the Ukrainian power grid used malware called “CrashOverride”, but the cyber attack detected in the US appears to have been simpler and much less dangerous. It is speculated that the attack on the US power grid may have been a byproduct of attacks on firewall portal sites used by private utilities. The portal site in question was connected to part of the power network of California, Utah and Wyoming, but the hackers may have attacked it without knowing that.
In the attack, “an attacker who had not been authenticated by the portal site” repeatedly restarted the firewall, effectively putting it out of service. Since this firewall was responsible for monitoring the data flowing between the power plants and the utility's power management center, the connection between the power management center and the power plants appears to have been lost each time it restarted.
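The failure pattern described above, a perimeter firewall that keeps restarting without an operator asking it to, can be caught from device boot events. The following is an added example, not part of the original article or the NERC report; the log format, device names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "<ISO time> <device> <event>"
# format, assumed to be in chronological order.
SAMPLE_LOG = """\
2019-03-05T09:00:10 fw-site-a BOOT
2019-03-05T09:20:41 fw-site-a BOOT
2019-03-05T09:31:02 fw-site-b ADMIN_REBOOT user=ops1
2019-03-05T09:32:15 fw-site-b BOOT
2019-03-05T09:47:30 fw-site-a BOOT
2019-03-05T10:05:12 fw-site-a BOOT
2019-03-05T13:40:00 fw-site-c BOOT
2019-03-05T18:02:44 fw-site-c BOOT
"""

def unexpected_reboot_bursts(log_text, threshold=3,
                             window=timedelta(hours=1),
                             grace=timedelta(minutes=5)):
    """Return {device: peak count} of unrequested boots in any sliding window."""
    last_admin = {}               # device -> time of last operator-requested reboot
    recent = defaultdict(deque)   # device -> unrequested boot times inside the window
    peak = defaultdict(int)       # device -> highest count seen in one window
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue              # skip blank or malformed lines
        ts, device, event = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        if event == "ADMIN_REBOOT":
            last_admin[device] = ts
        elif event == "BOOT":
            requested = last_admin.get(device)
            if requested is not None and ts - requested <= grace:
                continue          # boot explained by an authenticated operator request
            boots = recent[device]
            boots.append(ts)
            while ts - boots[0] > window:
                boots.popleft()   # drop boots that fell out of the window
            peak[device] = max(peak[device], len(boots))
    return {d: n for d, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for device, count in unexpected_reboot_bursts(SAMPLE_LOG).items():
        print(f"ALERT {device}: {count} unrequested reboots within one hour")
```

Boots that follow an authenticated operator request are ignored, so only restarts with no matching request count toward the alert.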
Reid Wightman, a senior vulnerability analyst at Dragos, which handles cybersecurity-related products for enterprises, said, “There has been no evidence that the US power grid has been targeted for attacks so far. The cyber attack that was done is probably a bot that scans the Internet looking for vulnerable devices and immature scripts.”
Even if it was the work of an automated bot and the damage was small, this cyber attack still attracted the attention of the US government. In fact, there were power outages of about 5 minutes at multiple power plants and power management centers, and power operators were forced to recover in the dark. Although this was not long enough to cause a nationwide power outage, there is no doubt that it hindered normal operation.
NERC, the US Department of Energy, the US Federal Energy Regulatory Commission, and the Western Power Coordinating Committee declined to reveal the public utility involved and other details related to the cyber attack that occurred on March 5, 2019. The reason given is that doing so may endanger the reliability of the power grid.
Under US government rules, power companies do not need to report power outages unless transmission at a major power management center stops for more than 30 minutes. Therefore, this cyber attack did not qualify as a “power outage” as defined by the government.
The biggest problem is “the fact that hackers can take advantage of the known flaws on the firewall interface,” says Wightman, pointing out that exploits for certain related bugs were also publicly available. The