- The North American Electric Reliability Corporation (NERC) on Wednesday revealed details about a March 5 cyber event that caused an undisclosed utility in the western United States to temporarily lose visibility of certain system parts.
- An external entity exploited a known firewall vulnerability at one of the utility's vendors, allowing an unauthenticated attacker to cause unexpected reboots of devices, according to NERC's analysis. These unexpected reboots resulted in brief communications outages — less than five minutes — between field devices and the control center.
- NERC is urging all utilities to have as few internet facing devices as possible on their systems, use a layered defense and employ redundancies for resilience.
The March cyberattack was the first time that remote hackers interfered with U.S. grid networks, according to regulators. The threat of a cyberattack is at an all-time high, NERC President and CEO Jim Robb said in his testimony before Congress in July.
In a "lessons learned" document, published on Sept. 4, NERC said the cyber event "resulted in a denial of service (DoS) condition at a low-impact control center and multiple remote low-impact generation sites." According to NERC, the DoS conditions, caused by a firewall vulnerability, lasted for 10 hours with each device showing offline status for less than five minutes.
NERC stressed that the cyber event did not impact the facility's ability to generate power.
The goal of publishing lessons learned is to provide industry with technical and understandable information that assists them with maintaining the reliability of the bulk power system, the corporation said.
NERC did not respond to a request for comment.
The March 5 cyber event, which was first reported by E&E News in April, affected several several states in the West, including California, Utah and Wyoming.
Despite the heightened threat of a cyberattack on the U.S. power grid, frequent violations of critical infrastructure protection (CIP) standards by utilities have led to calls for more transparency and increased oversight in the area of cybersecurity.
"If we're going to take cybersecurity seriously, we need to be serious about the way that NERC oversees the industry," Tyson Slocum, director of Public Citizen's Energy Program, told Utility Dive in July.
On Aug. 27, NERC and the Federal Energy Regulatory Commission released a joint white paper that proposes to publicly identify violators of cybersecurity standards in the bulk electric system.
While organizations such as consumer advocacy group Public Citizen have welcomed the changes proposed in the white paper, utility association Edison Electric Institute (EEI) pointed to the potential security risks associated with disclosing information.
"Even seemingly innocuous information that is self-reported can be exploited by sophisticated adversaries to target the energy grid. Protecting this information helps our members in their efforts to keep our nation's electricity supply secure and reliable," Phil Moeller, EEI Executive Vice President of Business Operations Group and Regulatory Affairs, told Utility Dive in an email last week.