First Disruptive Cyber Event Victimizes U.S. Power Grid

Cyberterrorists reportedly launched an attack on the U.S. power grid, creating vulnerabilities in its control center and several power-generation sites across the country.

The North American Electric Reliability Corporation or NERC revealed on Thursday that the U.S. grid suffered an unprecedented cyberattack this spring, though it did cause any blackouts in affected areas in the western United States.

In its “Lesson Learned” report, the NERC said the March 5 attack caused signal outages at the grid’s “low-impact” control center, but they did not last longer than five minutes. The energy watchdog presented its findings to the Department of Energy on what it considers the first disruptive “cyber event” to have victimized the U.S. power grid.

The cyberattack on the U.S. grid shows just how vulnerable power utilities in the country are, as they become more reliant to digitalization and interconnectivity, according to energy news website E&E News. The NERC itself urged organizations to use “as few internet-facing devices as possible” to avoid becoming exposed to hackers.

The March 5 incident couldn’t have come at a worse time for U.S. grid operators. Just two months before the attack, former National Intelligence Director Dan Coats had revealed that Russian hackers were now capable of disrupting power in the United States for at least a few hours. This was already seen back in 2015 and 2016, where cyber-terrorists successfully knocked out power utilities in Ukraine for several hours.

By comparison, the cyberattack earlier this year seemed to have been simpler and less dangerous than the ones in Ukraine. While the attack managed to breach the firewalls at the undisclosed control center, the perpetrators may not have realized that it was even connected to the power grid in California, Utah, and Wyoming.

Reid Wightman, a cybersecurity expert at Dragos Inc., told E&E News that he didn’t see any evidence that the power grid was indeed targeted by hackers.

“This was probably just an automated bot that was scanning the internet for vulnerable devices, or some script kiddie,” Wightman said.

While the incident did not cause any long-term impacts on the U.S. grid, several federal agencies are taking the event seriously. The blind spots created on the grid’s cybersecurity would have left operators unable to access the system for five-minute spans. This may not have been enough to cause major power outages, but it could have resulted in setbacks to the grid’s operation.

The NERC and DOE both refused to reveal the name of the utility involved in the cyberattack. They also declined to share any other details regarding the incident as they believe it could affect the reliability of the power grid.

“Lessons learned are an anonymized resource that identifies the lessons and contains sufficient information to understand the issues, and show the desired outcome,” said Kimberly Mielcarek, spokesperson for the NERC.

Mielcarek explained that the documents involved in the NERC’s report can be based either on a “single event” or general trends.