[BreachExchange] Cyber-attack hits Utah wind and solar energy provider

Destry Winant destry at riskbasedsecurity.com
Fri Nov 1 10:13:47 EDT 2019


https://www.zdnet.com/article/cyber-attack-hits-utah-wind-and-solar-energy-provider/

sPower, a Utah-based renewable energy provider, is in the unenviable
position of holding two unwanted titles.

First, the company is the first-ever US provider of solar and wind
renewable energy to have been the victim of a cyber-attack.

Second, the company is the first US power grid operator that is known
to have lost connection with its power generation installations as a
result of a cyberattack.

Details of the Utah company's plight came to light following
dogged reporting from E&E News, a news outlet focused on energy &
environment professionals.

The outlet first reported on the cyber-attack back in April, a
month after it happened. In September, the site's reporters traced
the root cause of the attack to an unpatched firewall. Today, the
site revealed the name of the company that suffered the attack,
along with additional details.

According to a Freedom of Information Act (FOIA) request the site
filed with the Department of Energy (a copy is available courtesy of
Cyberscoop), on March 5 this year an attacker used a vulnerability
in a Cisco firewall to crash the device and break the connection
between sPower's wind and solar power generation installations and the
company's main command center.

The attack also didn't appear to be targeted in nature. The documents
reveal that the hacker didn't continue their attack nor did they
breach sPower's network following the initial exploit that crashed the
unpatched firewall.

sPower said it mitigated the intrusion by patching outdated devices. A
sPower spokesperson was not immediately available for comment for
additional details about the incident.

However, despite this being the first publicly reported cyberattack
that disconnected a US power provider from its network, the attack is
nowhere near the sophistication of the attacks that hit Ukraine's
power grid in the winter of 2015 and 2016, when Russian hackers cut
power to almost half a million Ukrainians in a power outage that
lasted hours.

Based on public reporting and insight shared with this reporter,
foreign hackers have increased their attacks on the US energy sector;
however, acts of intentional sabotage have not yet taken place, and
most of the intrusions have been basic reconnaissance operations or
intellectual property theft.

