A denial-of-service (DoS) attack that caused disruptions at a power utility in the United States earlier this year exploited a known vulnerability in a firewall used by the affected organization.
A quarterly report published last spring by the National Energy Technology Laboratory disclosed that a cyber incident caused "interruptions to electrical systems activities" at an unidentified utility in the western United States. The event, on 5 March, affected California, Utah and Wyoming, but there was no power outage.
At the time of the disruption, E&E News was informed by energy and environment experts that a denial-of-service attack had exploited a known vulnerability, but no other information was made available.
E&E News has now learned that a "lesson learned" report from the North American Electric Reliability Corporation (NERC) revealed that the event involved a vulnerability in the internet interface of firewalls used by the affected organization.
According to the NERC document, an unauthenticated attacker exploited a known vulnerability in the firewalls to make them reboot, creating a DoS condition. It is unclear which vendor supplied the firewalls, but they were evidently internet-facing perimeter appliances that "were the safety of the exterior layer."
While the affected device was not named, NERC says the DoS attack hit a low-impact control center and several remote low-impact sites, resulting in brief communication interruptions between the control center and the servers and field devices at those locations.
The interruptions lasted less than five minutes, and the reboots took place over a 10-hour period.
“After an initial internal investigation, the entity decided to review the firewall manufacturer’s logs in order to fully characterize the type of reboots and potential causes,” stated NERC. “After analysis, reboots have been initiated by an external entity that exploits a known vulnerability in firewalls. After the notice was received, the organization launched its event reporting process as specified in its cyber safety reaction plan.”
The affected company has reportedly evaluated its firmware update process following the incident, and NERC hopes that other energy firms will learn from it and act to avoid similar occurrences.
NERC has been known to fine energy companies millions of dollars for cybersecurity problems, but it is unclear whether the organization hit by the DoS attack will be penalized.