An apparent cyberattack on March 5 caused disruptions at a western U.S. electric utility by creating a denial of service condition, according to an official summary of Electric Disturbance Events reports processed by the U.S. Department of Energy (DOE) this year.
The victimized power company has not been identified, but the incident lasted from 9:12 a.m. to 6:57 p.m. that day, affecting system operations in Kern and Los Angeles Counties in California, Salt Lake County in Utah, and Converse County in Wyoming. However, the event “did not impact generation, the reliability of the grid or cause any customer outages,” E&E News reported this week, quoting a DOE official.
Additional reports quoted a DOE spokesperson as saying that the DoS condition stemmed from a “known vulnerability that required a previously published software update to mitigate.” The spokesperson added that the DOE “continues to work with our industry partners through the ISACs to ensure the dissemination of the appropriate mitigation information to manage their associated risks.”
It remains unclear who in this case was responsible for interfering with operations. However, cyber experts agree that defending critical infrastructure facilities must remain a high priority, especially in light of recent government warnings about state-sponsored foreign cyber actors targeting the energy sector.