It’s being described as the first of its kind: the first cyberattack to disconnect a US power grid operator from its power station. sPower, a renewable energy provider based in Utah, has become the first renewable energy provider to fall victim to a cyberattack after it was hit by a breach in April.
The attack caused sPower to lose connection with its installations, making it also the first renewable energy company to lose connection to its resources as the result of a cyberattack.
The news came from E&E News, which first reported on the breach after a “cryptic” report published by the US Department of Energy said that grid operations in the west of the United States were disrupted by a ‘cyber event’.
“The incident lasted from 9am until nearly 7pm, but didn’t lead to a power outage, based on a brief summary of the electric disturbance report filed by the victim utility,” which you can access here.
It is being reported that “according to a freedom of information act (FOIA) request the site filed with the Department of Energy, an attacker used a vulnerability in a Cisco firewall to crash the device and break the connection between sPower’s wind and solar generation installations and the company’s main command center.”
Although the firewall was exploited, analysts say the attack was likely not targeted, considering that the hacker “didn’t continue their attack nor did they breach sPower’s network following the initial exploit that crashed the unpatched firewall,” according to Catalin Cimpanu. E&E News says that, considering this fact, “that leaves open the possibility that a utility employee or trespasser, rather than a remote hacker triggered the event.”
Reports state that while this is the first public cyberattack that successfully took an energy provider off the grid, it pales in significance compared to the sophistication of the cyberattacks that took down Ukraine’s power grid in the winter of 2015-2016. “Russian hackers cut power to almost half a million Ukrainians in a power outage that lasted hours,” Cimpanu writes.
“Based on public reporting and insight shared with this reporter, foreign hackers have increased their attacks on the US energy sector; however, acts of intentional sabotage have not yet taken place, and most of the intrusions have been basic reconnaissance operations or intellectual property theft.”