sPower, a Utah-based renewable energy company fell victim to a denial-of-service (DoS) attack that disrupted communications between the company and a dozen generation sites. During the incident, each site experienced one five-minute outage that was attributed to a known vulnerability on a Cisco firewall.
The firewall issues were already known, and the devices were on the public internet, so authorities feel that it wasn’t necessarily an attack on the energy company specifically. It’s more likely that the attack was scanning for devices with this unpatched flaw to attack.
Following the incident, sPower deployed a firmware update which removed the vulnerability to a DoS attack of this sort.
More famous was the 2015 cyberattack on electric infrastructure in Ukraine where Russian hackers were able to manipulate power systems and initiate a power blackout that left a quarter-million people in the dark.
US utilities and the Department of Energy have studied the Ukraine attack as well as others since. The sPower DoS attack was far less serious but will provide additional threat vectors for energy companies to consider.
In an attack like sPower faced, Uplogix can be a critical tool for rapid response and recovery:
- First, accessing gear during a DoS attack can be tricky. The network can be overwhelmed with traffic, limiting access to impacted devices. Using the out-of-band network, admins can log into devices as if they were connecting a laptop.
- Configuration changes can be made rapidly to one device, or many of the same type, allowing admins to halt the attack.
- Finally, device updates like firmware changes can be applied securely and reliably to devices to limit the attack and get things back on track.
In a DoS attack, time is of the essence, especially when it comes to critical energy infrastructure. Uplogix is there to help.