DOE: “Cyber Event” Hit Power Grid in Three U.S. States, No Outages Reported

Cyberattacks apparently disrupted energy grid operations in parts of California, Utah and Wyoming in early March 2019, in what could be an unprecedented event based on notes from a U.S. Department of Energy (DOE) report first unearthed by E&E News.

The incident, which occurred on March 5, interrupted electrical system operations in Los Angeles and Kern Counties in California, Salt Lake County in Utah and Converse County in Wyoming. The attack did not disrupt electrical delivery or cause any outages, the DOE said.

There has never been a successful cyberattack on a U.S. electric grid facility carried out by a remote hacker that impeded the flow of electricity. It’s difficult to know exactly what happened in this case, given how little detail appears in the DOE’s Electric Emergency and Disturbance Report for March, which refers to a “cyber event that causes interruptions of electrical system operations.” By the agency’s definition, such a notation can describe anything from a software bug to an attack by remote nation-state hackers. The report does not reveal which utility company (or companies) experienced the interruption.

However, a DOE spokesperson identified the incident as a distributed denial of service (DDoS) attack, CNBC said. The event “occurred at an electric utility...related to a known vulnerability that required a previously published software update to mitigate. The incident did not impact generation, the reliability of the grid or cause any customer outages,” the spokesperson told CNBC. If it was indeed a DDoS maneuver, its genesis could be anywhere in the world.

Then again, the whole thing could be nothing more than a false alarm as was the case when an employee at Consumers Energy, a Michigan utility, accidentally turned off power to some 15,000 people in the state in January 2018 and the utility subsequently filed a report with the DOE.

E&E News did some further digging to identify the facility (or facilities) involved in the incident. But for the most part, apparently no one wants to talk about it:

  • The Federal Energy Regulatory Commission said it was “aware of the situation” but offered nothing more.
  • The Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency said go talk to the DOE.
  • The Western Electricity Coordinating Council, which monitors grid reliability and security across western North America, declined to talk about it other than to confirm that its analysts had narrowed the event down to a “single entity.”
  • Peak Reliability, an operator spanning 14 states including California and Utah, didn’t respond to E&E News’ inquiry.
  • The Western Area Power Administration, a federally-owned power marketing organization that maintains power grid assets in California, Utah and Wyoming, said it didn't file a report.
  • A spokeswoman for Berkshire Hathaway Energy said none of the firm's subsidiaries were affected by the event.

The feds have long warned about the potential for nation-state sponsored attacks against the U.S. power grid and other critical infrastructure. A year ago, DHS and the Federal Bureau of Investigation said in an alert that Russian cyber attackers had surreptitiously gained access to U.S. and European critical infrastructure and could have shut down or crippled nuclear power plants and systems controlling water, electricity, aviation and commercial manufacturing.

In 2017, DHS issued a CrashOverride (aka Industroyer) malware warning to U.S. electric utilities and power grid operators. The warning, from the Computer Emergency Readiness Team’s National Cybersecurity and Communications Integration Center, noted “a new highly capable Industrial Controls Systems attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine.”

Also that year Symantec warned about Dragonfly, a group of cybercriminals operating since at least 2011, that could launch cyberattacks against energy companies, utilities and power grids in Europe and North America. It’s not only the nation’s power grids that are vulnerable to cyberattacks -- roughly 600 dams in 17 western U.S. states are at risk as well, according to the U.S. Department of the Interior.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.