On March 5th, 2019, an unprecedented Denial of Service (DoS) cyberattack occurred on American soil, targeted at the US power grid. The attack mainly affected the Western United States and was, fortunately, low-impact: no blackouts were caused, and the affected machines were out of commission for no more than five minutes, according to the North American Electric Reliability Corp (NERC).
Even so, the incident leaves a historical mark on American infrastructure and clearly demonstrates the dangers of increased connectivity. A simple firewall vulnerability was enough for multiple devices to be compromised and rebooted from a single point of failure. While the impact this time was minimal, it could have gone much worse.
According to NERC's report, the root cause was outdated firmware. A firmware fix that patched the vulnerability had been released before the attack, but internal processes were too lax to ensure the patch was applied in time. Even after the patch was applied, NERC continued to address the problem by implementing more safeguards in its networks. The steps it took (and recommends to others as protection against attacks like this) include the following:
- Employing virtual private networks (VPNs)
- Having fewer devices connected directly to the Internet, which reduces "attack surface" or potential points of failure
- Implementing ACLs (access control lists) as an additional filter to inbound traffic, even before the firewall
- ...and many others, mostly stricter monitoring both of exploits circulating in the wild and of the network itself
Note: Denial of Service (DoS) and Distributed Denial of Service (DDoS) are actually slightly different things. Other sources are incorrectly reporting this as the latter, which involves a large number of devices attacking a single target, hence the "Distributed". NERC refers to this attack as a regular old DoS, though, so we are identifying it as that.