Date: 2023-07-21

The U.S. electric grid has been made more vulnerable to hacking risks by inverter-based technologies used in renewable solar and wind energy storage systems, CyberScoop reports.
In a hearing before the House Committee on Energy and Commerce, former Assistant Secretary of Defense Paul Stockton attributed the cybersecurity risks of power inverters to their digitally native nature and their China-based manufacturing.
"Manufacturers in China are important producers of inverters being deployed nationwide across the United States and I think looking at supply chain risks not just availability of critical products but the risks that China will exploit these products in order to conduct attacks on the grid," said Stockton, who noted that strengthening inverter equipment would enable stronger electric grid cyber resilience and better combat adversaries' threats.
Meanwhile, the Energy Department said that it will consider adding inverters to the newly introduced cybersecurity labeling initiative for smart devices.
"We look forward to partnering with the Federal Communications Commission, the Cybersecurity and Infrastructure Security Agency, DOE National Laboratories, and our industry partners to advance the cybersecurity of energy systems," said Director of the DOE Office of Cybersecurity, Energy Security, and Emergency Response Puesh Kumar.
BleepingComputer reports that internet-exposed Windows and Linux Redis servers that have not been patched against the critical Lua sandbox escape flaw, tracked as CVE-2022-0543, have been targeted by the new Rust-based P2PInfect worm malware, which features self-propagation capabilities.
Malicious NPM package dependencies and repository invitations have been leveraged by North Korean state-backed hacking operation Lazarus Group, also known as TraderTraitor and Jade Sleet, in limited social engineering attacks against cybersecurity, cryptocurrency, blockchain, and online gambling developers on GitHub, reports BleepingComputer.