The North American Electric Reliability Corp. on Sept. 4 revealed details of a March cyberattack that caused an electric utility’s control center in the western U.S. to briefly lose connections with parts of its system.
This marks the first time NERC has reported remote hackers interfered with U.S. grid networks.
In a “lessons learned” section on the organization’s website aimed at utility operators, NERC reported that a vulnerability in the perimeter firewalls protecting communications between the utility’s control center and multiple remote generation sites, and between equipment on these sites, was exploited, “allowing an unauthenticated attacker to cause unexpected reboots of the devices.”
NERC says the attack resulted in a denial of service “at a low-impact control center and multiple remote, low-impact generation sites,” and in communications outages lasting under five minutes between field devices, and between the sites and the control center.
The March 5 event was first reported by E&E News in April. It affected California, Utah and Wyoming.
NERC says the attack had no impact on generation, but the utility’s monitoring system detected multiple communications interruptions at different sites over a 10-hour period.
A subsequent investigation revealed the cause, but not the source, of the intrusion.
NERC urges all utilities to have as few internet-facing devices as possible. They should also use a layered defense and employ redundancies for resilience.
NERC says the utility, which has not been publicly identified, applied a firmware update to the firewall that had been released prior to the incident, and has secured the breach. It is reviewing its patch approval procedures, NERC adds.