First Ever DoS Cyber-Attack On A US Power Grid Detailed In Startling Report

cyberattack power grid
On March 5th, 2019, an unprecedented Denial of Service (DoS) cyberattack occurred on American soil, targeted at the US power grid. This attack mainly affected the Western United States, and was a fortunately low-impact attack. No blackouts were caused, and the machines in question were out of commission for no more than five minutes, according to the North American Electric Reliability Corp, or NERC.

Even so, this leaves a historical mark on American infrastructure, and clearly demonstrates the dangers of increased connectivity. A simple firewall vulnerability was enough to cause multiple devices to be compromised and rebooted from a single point of failure. While the impact this time around was minimal, this could have gone much worse.

According to NERC's report, this problem was caused by outdated firmware. A firmware fix to patch the vulnerability that allowed this attack to happen had been released prior to the attack, but internal processes had been too lax to ensure that patch was applied before it was too late. Even after applying the patch, NERC continued to address the problem by implementing more safeguards in their networks. The steps they took (and recommend to others to protect from attacks like these) include the following:
  • Employing virtual private networks (VPNs)
  • Having fewer devices connected directly to the Internet, which reduces "attack surface" or potential points of failure
  • Implementing ACLs (access control lists) as an additional filter to inbound traffic, even before the firewall
  • ...and many others, mostly stricter monitoring of exploits out in the wild and the network itself
As the United States and other countries shift to a more digital infrastructure, cybersecurity becomes more important than ever. An attacker with the ability to control an entire city's power grid and other utilities could grind that city's entire economy to a halt near-instantly, and devastate countless lives in the process. The only way to prevent issues like these from arising in the future is to further improve security measures, or stick with technology so old that it can't reasonably be exploited.

Note: Denial of Service (DoS) and Distributed Denial of Service (DDoS) are actually slightly different things. Other sources are incorrectly reporting this as the latter, which involves a large number of devices performing an attack on a single source, hence the "Distributed". NERC refers to this attack as a regular old DoS, though, so we are identifying it as that.