The Department of Energy confirmed that on March 2019, between 9 a.m. and 7 p.m., a cyber event disrupted energy grid operations in California, Wyoming, and Utah.
The report states that interruptions of electrical system operations were observed in California (Kern County, Los Angeles County), Utah (Salt Lake County), Wyoming (Converse County). The report doesn’t include the name of the utility company that suffered the incident. It must be clear that a report of a cyber incident doesn’t necessarily imply that the company has been hacked, in some cases human errors or system misconfigurations could be the root causes of a cyber incident.
U.S. utilities are required to notify DOE within one hour of a cyber attack against their systems. DoE could fine up to $2,500 per day power companies that fail to file an OE-417 electric disturbance report.
Media outlets like E&E News and Motherboard correctly defined the report as cryptic, Department of Energy has not responded to a request by Motherboard for more information about the cyber event.
“A “cyber event,” according to infrastructure hacking experts, could be anything from hackers messing with the grid remotely,
Anyway, if confirmed that hackers remotely interfered with power grid networks in the US, the event would be unprecedented for the country. The unique power grid hacks recognized by the cyber security community is the one that caused massive power outages in Ukraine in 2015 and in 2016.
The E&E News
“There was no malicious intent” in that case, a spokeswoman said at the time, and Consumers Energy brought the lights back on within a few hours.
Cyber attacks against critical infrastructures, including power grids, are dangerous threats and possible consequences are unpredictable, for this reason, it is essential to share knowledge about attacks and attackers’ TTPSs.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.