We’ve talked critical infrastructure vulnerabilities quite a bit on this blog through the years but until today, our conversations have been confined to hypotheticals.
First Ever Cyber Disruption
According to an interview conducted May 4, 2019 on NPR the United States first cyber power grid disruption has been reported to the Department of Energy.
The disruption took place in March of this year in a geographic area reported broadly as “Utah, Wyoming and California – Southern California”.
No loss of power or service interruptions were reported in association with the “disruption” and the event was categorized as a “loss of visibility”. Essentially, operators were unable to see what was going on on the grid during the event.
While specifics are short at this time, the root cause of the event has been attributed to a targeted DDOS attack directed at the network.
While in general DDOS attacks are fairly rudimentary tools in the hacking toolbox this particular DDOS showed signs that the hackers were familiar with the network and were able to exploit a flaw particular to it.
“In this case, the denial of service exploited a particular vulnerability, so it was a little bit more targeted than that. The hacker or hackers knew what they were doing and were able to actually find a particular flaw in this network equipment and send a certain type of packet or string of data to really make it stop working.”
How Vulnerable is the Grid?
That is the million dollar question. The U.S. power grid is a massively complicated and interconnected beast with connections to utilities large and small, sophisticated and philistine. The potential for infiltration and disruption has been documented and now proven, albeit in a rather minor way.
How Vulnerable is your network?
In a recent poll by eSecurityPlanet.com about 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Do you? Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.
If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.
The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.