https://www.cyberscoop.com/spower-power-grid-cyberattack-foia/
By Sean Lyngaas
CYBERSCOOP
October 31, 2019
A Utah-based renewable energy company was the victim of a rare cyberattack that
temporarily disrupted communications with several solar and wind installations
in March, according to documents obtained under the Freedom of Information Act.
The attack left operators at the company, sPower, unable to communicate with a
dozen generation sites for five-minute intervals over the course of several
hours on March 5. Each generation site experienced just one communication
outage. It is believed to be the first cybersecurity incident on record that
caused a “disruption” in the U.S. power industry, as defined by the Department
of Energy.
DOE defines a “cyber event” as a disruption to electrical or communication
systems caused by unauthorized access to hardware, software or communications
networks. Utilities have to promptly report any such incidents to DOE.
The attack did not affect sPower’s more critical control systems and did not
impact its power generation, the company said. But it nevertheless highlights
how generic software vulnerabilities that affect multiple industries can impact
utilities.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
