Recently, an Unprecedented “Malicious Cyber Event” Disrupted Grid Operations in the US

(Psst: The FTC wants me to remind you that this website contains affiliate links. That means if you make a purchase from a link you click on, I might receive a small commission. This does not increase the price you'll pay for that item nor does it decrease the awesomeness of the item. ~ Daisy)

A “cyber event” interrupted grid operations in parts of the western United States in early March, but the hack was just disclosed to the public a few days ago.

The attack marked a somber milestone for the US power sector: the unnamed utility company is the first to report a malicious event that disrupted grid operations.

“According to a cryptic report posted by the Department of Energy, the March 5 incident lasted from 9 a.m. until nearly 7 p.m. but didn’t lead to a power outage, based on a brief summary of the electric disturbance report filed by the victim utility,” E&E News reported on April 30.

Authorities don’t know the source of the cyber event.

E&E News posted an update today, which includes the following information:

The hack itself occurred two months ago, on March 5, when a “denial-of-service” attack disabled Cisco Adaptive Security Appliance devices ringing power grid control systems in Utah, Wyoming and California, according to multiple sources and a vague summary of a Department of Energy filing.

There were no blackouts, no harm to power generation and evidently very little effect on the Western transmission grid, according to multiple sources and officials. The most direct impact was likely a temporary loss of visibility to certain parts of the utility’s supervisory control and data acquisition (SCADA) system, though all major transmission operators in the regions affected denied having been hit by the denial-of-service attack. (source)

In an interview with NPR, E&E News’s Blake Sobczak, who was the first to report on the issue, explained the event in more detail:

There was a disruption, but it did not lead to any blackouts or really, as far as we know, any halt in the flow of electricity there. What likely happened here was what’s called a loss of visibility. There was a denial-of-service attack against some part of the utilities network infrastructure, and that basically led operators to not be able to see what was going on in the grid. So it’s sort of like driving with blinders on. As long as nothing crazy happens, you should be fine, but it certainly constitutes a disruption and a reportable event here to the Department of Energy.

It does pose a hazard, and that’s why the Department of Energy actually requires utilities to report if they experience a cyberattack within one hour of the event itself. And so this is really the first time that we’ve seen a utility tell regulators at the DOE, at the Department of Energy, hey, hackers disrupted some part of our operations. And in this case, again, it appears that that was related to visibility as to what was happening on the grid there. (source)

The attack was a relatively basic DOS event, according to officials.

This raises concerns about what might happen if a more sophisticated hacker chose to launch a far more powerful attack.

Sobczak explains what a DOS (denial of service) incident is:

Denial-of-service, or DOS, cyberattacks overwhelm target networks with bogus traffic, making it difficult for victim computers to operate normally. Distributed-denial-of-service (DDOS) attacks harness the power of hacked “botnets” of computers to throw at hackers’ targets, while rarer telephony-denial-of-service (TDOS) events seek to block incoming and outgoing calls.

***

Denial-of-service attacks frequently target internet-facing devices or services — one record-setting DDOS interrupted access to popular sites like Twitter and Grubhub in fall 2016. In order for a DOS to have triggered an electric disturbance alert, it likely would have hit something more significant, but still externally facing, industry sources speculated: perhaps firewalls or routers on the boundary of a grid network. While a cyberattack on such equipment wouldn’t disrupt the flow of electricity, it could force operators to pause or redirect certain activities at affected facilities to allow for an investigation. (source)

Even more concerning is the fact that the DOS perpetrator(s) took advantage of a known software vulnerability that required a previously published patch to fix, according to a DOE official. “In other words, with a patch in hand, it wouldn’t have been difficult for power companies to identify and update any computer systems potentially at risk. DOE didn’t clarify which equipment — whether routers, work stations or even phones — were affected by the denial of service.” Sobczak explains.

Utility companies are required to notify DOE within one hour of any successful cyber attack on their systems. If they fail to file an OE-417 electric disturbance report, they can be fined up to $2,500 per day. However, DOE has never issued civil or criminal penalties related to the form. The form is supposed to include an overview of the incident, whether it be a hurricane-related outage or a physical attack on the facility. A second, more closely guarded portion of the form contains a detailed summary of actions taken to resolve the incident and “preliminary results from any investigations,” per DOE guidelines, E&E News reports.

There are several reasons authorities hide these events from the public.

In today’s update, Sobczak elaborates on the significance of the attack and the surrounding secrecy:

No U.S. electrical utility is known to have experienced any disruptive cyberattack in the past, a surprising fact given that utilities routinely find themselves in the crosshairs of the world’s most sophisticated hackers and can face millions of more run-of-the-mill hacking attempts every day. (Energywire, July 20, 2018).

Fears that a bona fide cyberattack would be blown out of proportion among the general public have fueled a culture of secrecy around anything filed under “cyber” in the electricity sector.

At the most recent GridEx security exercise in 2017, utilities practiced how word would get out about a blitz of simulated cyber and physical attacks. The exercise modeled how misinformation about the incident could spread quickly over social media.

“The grid runs everything. Forget how robust it is. How many other critical infrastructure sectors rely on electricity?” said John Hultquist, director of intelligence analysis at cybersecurity firm FireEye Inc.

“It’s the best way to cause cascading effects across society — the public knows that. They don’t know anything about how hard that would be.” (source)

Even though the March 5 attack didn’t cause customer outages or impact the reliability of the grid, and there’s no evidence it was part of a coordinated attack, the event is highly concerning.

To date, the best known successful grid attack occurred in 2015 and again in 2016 when hackers allegedly linked to the Russian government targeted portions of Ukraine’s energy grid with a DOS attack and cut off electricity for several hours to tens of thousands of people. That cyber attack was the first known to have caused a blackout anywhere in the world.

A significant grid attack in the US would cause widespread problems.

If that kind of outage happened here, it would cause millions of dollars in damage and serious disruption of life as we know it. Lives could be lost as well – particularly if hospitals and other healthcare facilities were impacted, and if the outage was prolonged.

A 2015 report by the University of Cambridge Centre for Risk Studies estimated a major grid attack in the United States could cost up to $1 trillion in the most severe circumstances.

The March 5 DOS attack on U.S. Cisco equipment isn’t known to have involved any hostile takeover of operational networks. “It’s possible the hacker or hackers, in that case, didn’t even realize they were interfering with power grid equipment, sources said, perhaps having found the Cisco firewalls exposed online via specialized internet search tools,” Sobczak explains.

Some experts say the US power grid has already been hacked, as Daisy Luther reported in 2017:

A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently.

The targets were in the United States, Turkey, and Switzerland. According to Symantec, the hackers did gain access to the interface they would need to control the power equipment, with which they could cause a widespread blackout. Eric Chien, a Symantec security analyst, told Wired:

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation. We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.” (source)

While we were all focused on the natural disasters like wildfires and hurricanes looming over us, this report went all but unnoticed by the mainstream and alternative media alike.

Our grid has been hacked. Symantec’s report refuses to disclose which power plants were compromised, but there seems to be no doubt the hackers were able to gain access to operational control of them. And while this has been going on for a few years now, they’re getting bolder and nearly have the pieces in place to widespread sabotage our power grid. (source)

Sobczak’s May 6 report concludes with some troubling information (emphasis mine):

The Department of Energy and the Federal Energy Regulatory Commission are both restructuring rules for utilities to report grid cyberattacks to regulators. FERC commissioners, frustrated by years of radio silence from utilities despite a stream of warnings about growing cyberthreats, moved last year to broaden the definition of what constitutes a reportable incident.

The March 5 event is listed publicly because it cleared a certain bar of severity, said Sam Feinburg, executive director of Helena, which is working on a “Shield Project” to boost U.S. grid defenses. “There are undoubtedly many more such events that don’t breach that bar and therefore don’t become public knowledge.”

Feinburg said such events, even when carried out by unsophisticated hackers, don’t get enough attention.

“[Grid] infrastructure is getting more complicated, and because of that, it’s getting harder and harder to defend each part of it,” he said. “The ability to conduct these attacks is only being distributed across a wider and wider set of folks.”

“It does not take a sophisticated attacker to deal damage to critical electrical infrastructure, and that’s scary,” Feinburg said. (source)

Experts say more needs to be done to protect the grid.

“The U.S. electrical grid is highly complex with some 3,300 utility companies that work together to deliver power through 200,000 miles of high-voltage transmission lines. The nation also has 55,000 electrical substations and 5.5 million miles of distribution lines that power millions of homes and businesses,” a report last year states.

In 2017, grid cybersecurity expert Robert M. Lee, CEO of industrial cybersecurity firm Dragos, Inc., told Scientific American that the scary side of grid vulnerability is twofold:

One, our adversaries are getting much more aggressive. They’re learning a lot about our industrial systems, not just from a computer technology standpoint but from an industrial engineering standpoint, thinking about how to disrupt or maybe even destroy equipment. That’s where you start reaching some particularly alarming scenarios.

The second thing is, a lot of that ability to return to manual operation, the rugged nature of our infrastructure—a lot of that’s changing. Because of business reasons, because of lack of people to man the jobs, we’re starting to see more and more computer-based systems. We’re starting to see more common operating platforms. And this facilitates a scale for adversaries that they couldn’t previously get. (source)

When asked to clarify what he meant by adversaries getting more aggressive, Lee explained:

The key events are things like the Ukraine attack in 2015–2016, [in which a cyberattack brought down portions of the Ukrainian power grid], as well as two different campaigns in 2013–2014, BlackEnergy2 and Havex, [two malware programs that were deployed against energy sector companies]. Basically, far-reaching espionage on industrial facilities one year; the next year getting into industrial environments; and then culmination in attacks in 2015–2016. That’s aggressive in itself.

For my own firm, what we’re seeing in the [overall] activity in the space is it’s growing. Over the last decade, I have seen adversary activity increase in some measure, and then around 2013–2014 just start spiking. (source)

It is up to each of us to prepare for a grid-down event.

On May 2, President Trump signed an executive order aimed at filling the deficit of cybersecurity professionals in the federal workforce, including specialists with knowledge of cyber-physical systems like power grids and gas pipelines. “The Nation is experiencing a shortage of cybersecurity talent and capability, and innovative approaches are required to improve access to training that maximizes individuals’ cybersecurity knowledge, skills, and abilities,” the EO states. Last month, Trump signed an EMP awareness EO called Executive Order on Coordinating National Resilience to Electromagnetic Pulses as a first step toward learning more about how an EMP would affect us and how to protect critical infrastructure.

However, how effective the government’s new efforts will be is yet to be seen.

Recently, preparedness author Michael Mabee warned that the federal government has no plan for a long-term power outage and that the lack of preparedness could lead to tragic consequences:

In the U.S. we are literally on life support, plugged into the electric grid. If somebody unplugs us, everything necessary to sustain life stops: food, water, fuel, transportation, medical care, communications, financial – everything.

The grid is vulnerable to numerous threats. The U.S. Senate said that in a long-term nation-wide blackout, millions of citizens could die. After a few weeks, we would die in droves from waterborne diseases, starvation, and societal collapse. What if the grid went down for longer than a few weeks? (source)

Here are some resources that can help you prepare for the big one.

Mabee has assembled a comprehensive website with information on the threats and actions we can take.

The Blackout Book: This is a true quick-start guide to handling a power outage like a boss and it will be helpful to both beginners and those with a bit more experience. Click here to grab the book.

You’ve Been Warned: Why You Need to Be Ready for Total Grid Failure

Why Low-Tech Prepping Is a Better Option for a Long-Term Grid-Down Scenario

Power Grid Could Buckle During Extreme Heat Wave: Here’s How to Keep Cool

What do you think?

Do you think more of these events occur but remain under the radar?

Are you prepared for a long-term grid-down event? If so, what have you done to prepare?

Please share your thoughts in the comments.

About the Author

Dagny Taggart is the pseudonym of an experienced journalist who needs to maintain anonymity to keep her job in the public eye. Dagny is non-partisan and aims to expose the half-truths, misrepresentations, and blatant lies of the MSM.

Picture of Dagny Taggart

Dagny Taggart

Dagny Taggart is the pseudonym of an experienced journalist who needs to maintain anonymity to keep her job in the public eye. Dagny is non-partisan and aims to expose the half-truths, misrepresentations, and blatant lies of the MSM.

Leave a Reply

  • Nobody is going to do anything of any significance – not Congress, not Trump, not the power companies. Just live with it. We have a country full of nobodys doing nothin’. Get yourself prepared. The only one you can depend on is yourself.

    • THERE is a saying…IF YOU WANT IT DONE RIGHT, DO IT YOURSELF !!! so you nailed it. The government won’t be able to help anybody in their time of need. IF we are not prepared on our own, GOD help us…I’ve know about this since 2013. Here it is 6 years later, telling me that we are probably living on borrowed time. Not a matter of IF it will happen, but when will it happen.
      My grandmother (rest her soul) told me, BETTER TO BE SAFE, THAN SORRY !!! I believe it to this day. Do what you can. It’s not gonna be a pretty picture once it happens, that’s for sure.

  • It wasn’t all that long ago that the grid was not interconnected nationally.
    Problems in one section would not automatically crash everything.
    Now a big enough EMP could take down the whole country, although I have read that Texas is not fully connected to the rest of the country.
    Adding to the problems, some electric companies are still running Windows XP and earlier systems. Makes hacking a lot easier.

  • The question is, why didn’t they kill the power as they did in Ukraine. Beware of the trojan horse! Reports show that with an EMP, 90% of our population will die the first year. Regardless of EMP or hack, if we lose power, this country will never be the same. Check out ghostreconsurvival.com for a good article to read for SHTF survival preparedness. After all, the real reason so many people dying from these types of events comes down to one thing, preparedness

  • It’s not just cyber-attacks to worry about. Rocky Mountain Power is shutting down power in our area early Friday morning for about 5 hours. They have to replace some power transmission units due to some idiots using them for target practice. Imagine the damage that could have been done if the yahoos were terrorists.

  • Spot on! In support of the threat you describe, I am supporting the newly created IoT Security Center (Elpis) to promote policies for critical infrastructure cyber security, especially where IoT devices are rapidly increasing the threat surface. IT security policies cover only a small portion of the overall cyber threat, especially to the grid where automation is expanding and operational (cyber)security not addressed by IT.

    On another front, I am working with a small group from Michigan and Indiana to promote small Waste to Energy projects using municipal and farm waste (including sludge) to produce small power generation facilities (5-20 Megawatts). Europe has many such gasification facilities already but our landfill mentality has slowed implementation here. We can lower risks by producing local power with smaller facilities, no large transmission infrastructure (an easy target) and clean up waste at the same time. These are clean burning systems fully compliant with Clean Air policies…win-win.

  • HOW many people KNOW the Rothchild family OWNS ALL THE POWER COMPANIES IN AMERICA,if their told to turn it off, they will,the operators have no fear,THE AMERICAN PEOPLE LOVE BEING HELD CAPTIVE ..THEIR THE SLAVES of the police gangs,and their MASTER SATAN…AND VERY SOON,they’ll be taken to the FEMA DEATH CAMPS AND KILLED,they don’t care,but they will when they get to hell…..

  • Please tell me again why the US keeps welcoming in foreigners to attend out universities and earn an advanced degree in a subject like electrical engineering? And as the work on their degree they’re working on cutting edge technology that can be stolen and leave the country?

    • Good question Tom sounds like you might know part of the answer. If you have listened/read Brendon O’Connell then you know what’s really going on. Looks like HenryMakow.com is posting his articles now that u-tube banned him.

    • Perhaps because we have always prospered because of the greater work ethic of immigrants. That’s what built out country – people willing to invest huge amounts of effort, take substantial risks, to move across the world to an unknown nation whose reputation for freedom offered them the chance to succeed if they were willing to put in the extra effort such huge displacements of location and comfort involve. “…stolen and leave the country?” Yep, it’s certainly probable that there are some agents of foreign powers doing this, just as we have done ever since our founding. Not everyone is good. Nor is everyone evil. But the reality is that our prosperity came from immigration. And our present decline is a result, not of immigration, but of internal dissent. Ignorance is the prevailing wisdom, conflict the new social norm. We’ve been in decline for perhaps 4 decades now. That’s at least partly due to our never-ending assaults on the rest of the world, but largely a function of the natural cycle of human social orders. They rise, expand, then decline and decay. Ever since Reagan, we’ve been heading downhill. For those in denial, there’s not much to say. A simple way to see it is to buy some orange juice. Used to be a half-gallon. The price kept going up. Then that 64 ounce package became 59 ounces. Now it’s 52 ounces. But there’s no inflation, nosiree. Our dollar is doing fine, thanks. My entire life savings will probably not even buy me an aspirin when I finally have to rely fully on it and Social Security has collapsed. Now that the world is about to flee the dollar, things will only get much worse. And much faster.

      • @UltraSkeptic “Perhaps because we have always prospered because of the greater work ethic of immigrants. That’s what built out country – people willing to invest huge amounts of effort, take substantial risks, to move across the world to an unknown nation whose reputation for freedom offered them the chance to succeed if they were willing to put in the extra effort such huge displacements of location and comfort involve.”

        Many European exceptional people immigrated to the US. Many more European exceptional people were killed during the many European wars throughout history. No doubt there are still exceptional people in europe (and CA too), but with so many of the remaining people being non-exceptional people, they have voted in socialism. Happening now in US.

  • I would suggest that everyone search for “SPARS Pandemic 2025–2028”, then recall this story:

    https://money.cnn.com/2015/10/16/technology/sniper-power-grid/index.html

    As far as I am aware, no arrests were ever made.

    This “Great Reset” has been in the works for at least twenty years. Michael Flynn has already called for investigations into the SPARS scenario, and I agree with him. We’re being attacked by con artists. The only way to stop it is to reveal their scams. Start putting pressure on your Congress creature.

  • You Need More Than Food to Survive

    In the event of a long-term disaster, there are non-food essentials that can be vital to your survival and well-being. Make certain you have these 50 non-food stockpile essentials. Sign up for your FREE report and get prepared.

    We respect your privacy.
    >
    Malcare WordPress Security