Utah renewables company was hit by rare cyberattack in March

[InfoSec News <alerts () infosecnews org>]

https://www.cyberscoop.com/spower-power-grid-cyberattack-foia/

By Sean Lyngaas
CYBERSCOOP
October 31, 2019

A Utah-based renewable energy company was the victim of a rare cyberattack that 
temporarily disrupted communications with several solar and wind installations 
in March, according to documents obtained under the Freedom of Information Act.

The attack left operators at the company, sPower, unable to communicate with a 
dozen generation sites for five-minute intervals over the course of several 
hours on March 5. Each generation site experienced just one communication 
outage. It is believed to be the first cybersecurity incident on record that 
caused a “disruption” in the U.S. power industry, as defined by the Department 
of Energy.

DOE defines a “cyber event” as a disruption to electrical or communication 
systems caused by unauthorized access to hardware, software or communications 
networks. Utilities have to promptly report any such incidents to DOE.

The attack did not affect sPower’s more critical control systems and did not 
impact its power generation, the company said. But it nevertheless highlights 
how generic software vulnerabilities that affect multiple industries can impact 
utilities.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_