Last week, the U.S. power sector recorded an unprecedented event – an anonymous Western utility became the first to report a malicious "cyber event" that disrupted grid operations.
The attack occurred two months ago, on March 5, when a "denial-of-service" attack disabled Cisco Adaptive Security Appliance devices ringing power grid control systems in Utah, Wyoming and California, reports E&E News.
There were no blackouts, no harm to power generation and evidently very little effect on the Western transmission grid, according to multiple sources and officials. The most direct impact was likely a temporary loss of visibility to certain parts of the utility's supervisory control and data acquisition (SCADA) system, though all major transmission operators in the regions affected denied having been hit by the denial-of-service attack.
The "cyber event that causes interruptions of electrical system operations," as the attack was categorized, made waves in critical infrastructure security circles as a first-of-its-kind case study.
Not all grid attacks get reported.
The March 5 event is listed publicly because it cleared a certain bar of severity, said Sam Feinburg, executive director of Helena, which is working on a "Shield Project" to boost U.S. grid defenses. "There are undoubtedly many more such events that don't breach that bar and therefore don't become public knowledge."
The Federal Energy Regulatory Commission (FERC), frustrated by years of radio silence from utilities despite a stream of warnings about growing cyberthreats, moved last year to broaden the definition of what constitutes a reportable incident. Now the Department of Energy and FERC are both restructuring rules for utilities to report grid cyberattacks to regulators.
Source: E&E News