Solar, Wind Power Utility Disrupted in Rare Cyberattack
In March of this year, Utah-based renewable energy provider sPower suffered a denial-of-service (DoS) attack resulting in multiple short periods of downtime at the firm’s main control center. According to Phil Neray of CyberX, the attack “disrupted the organization’s ability to monitor the current status of its power-generation systems,” an issue that is known in the industry as ‘loss of view.’
Documents obtained via the Freedom of Information Act (FOIA) show that Department of Energy analyst Matt Tarduogno blamed the disruptions on recurrent firewall reboots. These were triggered by the threat actor’s exploitation of a known vulnerability in the firmware of the Cisco firewalls used by sPower. The targeted company eventually resolved the issue by patching the vulnerable firewalls. Analysts point out that the cyberattack, which effectively disrupted parts of the US energy grid, is the first of its kind in the United States. The incident seems to be the same attack that was mentioned in a September report by the North American Electric Reliability Corporation (NERC).