How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic

The U.S. government officials trying to test the country’s ability to respond to a major cyberattack thought they had pulled out all the stops. Engineers had planned to simulate the kind of security incident that would cause an electrical blackout, after all, and had even planned to hold the event on an isolated island off the coast of New York. Even with all that preparation, a once-in-a-century pandemic still wasn’t in the script. Until this year, National Guard personnel, Pentagon contractors and engineers at big U.S. utilities would typically gather in person to run through exercises involving dire scenarios, from a weeks-long power outage to a mock attack on utility computers that appeared to delete data. In October, though, COVID-19 forced planners from the departments of Defense and Energy to figure out how to run the event virtually, with participants plugged in from around the country. And they used the […]

The post How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic appeared first on CyberScoop.

SolarWinds breach has industrial firms checking their networks for vulnerabilities

Executives from multiple U.S. electric utilities on Monday convened a phone call to discuss a critical vulnerability in software made by SolarWinds, the federal contractor at the heart of an apparent cyber-espionage operation. The briefing, hosted by an industry-government group known as the Electricity Subsector Coordinating Council, is just one example of the wide ripple effects of the malicious tampering of SolarWinds’ software by suspected state-sponsored hackers. The SolarWinds compromise has led to the reported breaches of multiple U.S. federal agencies, including the departments of Treasury and Homeland Security. The affected software is widely used in the electricity, oil and gas and manufacturing sectors, and the process of assessing some organizations’ exposure to the bug has only just started. “We have to make sure we’re breaking down some of these concepts so they understand the impact to them as critical infrastructure owners and operators,” said one U.S. official involved in […]

The post SolarWinds breach has industrial firms checking their networks for vulnerabilities appeared first on CyberScoop.

Researchers uncover vulnerabilities in devices used at industrial facilities

For the three Ukrainian power companies that suspected Russian hackers pried their way into in 2015, the pain wasn’t over when the attackers opened the companies’ circuit breakers and sent 225,000 people into darkness. The intruders also planted malicious code on key equipment at power substations, preventing engineers from remotely closing the circuit breakers and slowing the effort to restore power. The way the hackers blinded the Ukrainian power firms to their own operations is still studied by utilities around the world, and security specialists investigating critical electric equipment. A group of researchers at cybersecurity company Trend Micro on Wednesday added important data to those efforts by revealing multiple vulnerabilities in the same types of devices exploited by the Russians five years ago. By making their findings public, researchers are prompting organizations to further scrutinize the little black boxes that serve as translators on key networks. The research covered vendors in France, […]

The post Researchers uncover vulnerabilities in devices used at industrial facilities appeared first on CyberScoop.

Citing hacking threats, Trump limits foreign-sourced equipment in U.S. electric sector

President Donald Trump on Friday issued an executive order barring federal agencies and companies under U.S. jurisdiction from installing foreign-owned equipment in the electric sector that might pose “an unacceptable risk to national security.” The sweeping directive authorizes Trump’s energy secretary, Dan Brouillette, to work with U.S. national security agencies and the energy industry to vet equipment before it gets installed, and to identify vulnerable gear already in place. It is the latest move by the administration to clamp down on foreign-sourced software and hardware, following an order last year covering U.S. companies’ procurement of telecommunications gear. The new executive order covers equipment procured and installed in the “bulk-power system” — or infrastructure used in electricity generation and transmission, and generally not distribution. “Foreign adversaries are increasingly creating and exploiting vulnerabilities” in that system, including through “malicious cyber activities,” Trump said in the order. One of the more notable hacking operations to target the U.S. […]

The post Citing hacking threats, Trump limits foreign-sourced equipment in U.S. electric sector appeared first on CyberScoop.

European power grid organization says its IT network was hacked

The organization that ensures coordination of European electricity markets said Monday that its IT network had been compromised in a “cyber intrusion.” The European Network of Transmission System Operators for Electricity (ENTSO-E), whose members include large electric transmission operators across the continent, “recently found evidence of a successful cyber intrusion into its office network,” the organization said in a terse statement. The compromised office network is not connected to any operational electric transmission system, ENTSO-E said, meaning the attack was confined to IT systems and did not impact critical control systems. “A risk assessment has been performed and contingency plans are now in place to reduce the risk and impact of any further attacks,” the ENTSO-E said, adding that its members were apprised of the situation. CyberScoop sent ENTSO-E’s press office a list of questions including when the digital intrusion began and who might be responsible for the attack. “For obvious […]

The post European power grid organization says its IT network was hacked appeared first on CyberScoop.

Energy Department shakes up cyber leadership with appointment of ex-NSA official

Department of Energy officials have tapped a veteran of the National Security Agency to be the department’s top cyber official and lead an office that helps protect U.S. industry from hacking threats. In a message to department staff Thursday reviewed by CyberScoop, Secretary of Energy Dan Brouillette said Alexander Gates’ decades of experience in signals intelligence and cyber operations would be critical in running the department’s Office of Cybersecurity, Energy Security and Emergency Response. Gates replaces Karen Evans, a former Office of Management and Budget official and DOE chief information officer, who was sworn in as assistant secretary of Energy for cybersecurity, energy security and emergency response in September 2018. Gates will have “delegated authority” to lead the cybersecurity office, meaning he can do so without being a Senate-confirmed assistant secretary. Then-Secretary of Energy Rick Perry established the cybersecurity office two years ago as part of a push by the department […]

The post Energy Department shakes up cyber leadership with appointment of ex-NSA official appeared first on CyberScoop.

Why one researcher mimicked Russian hackers in breaking into a European utility

Jason Larsen was tired of hearing about the skills of Russian-linked hackers, particularly those who cut power in parts of Ukraine in 2015 and 2016. These were groundbreaking and worrying attacks, he thought to himself, but giving the attackers too much credit makes defending against them more complicated than it needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke into the substation network of a European electric utility using one of the Russian hackers’ techniques. The first segment of the attack — gaining root access on some firmware — took him 14 hours. He took notes by the hour and shared them with the distribution utility, one of his clients, to improve their defenses. “We’ve embodied them with all of these god-like abilities,” Larsen said of Sandworm, the group said to be responsible for the attacks and which many believe to work on behalf of Russia’s military intelligence agency. The group turned the lights […]

The post Why one researcher mimicked Russian hackers in breaking into a European utility appeared first on CyberScoop.

Oil-and-Gas Specialist APT Pivots to U.S. Power Plants

Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well.

The Hornsdale Power Reserve And What It Means For Grid Battery Storage

Renewable energy has long been touted as a major requirement in the fight to stave off the world’s growing climate emergency. Governments have been slow to act, but prices continue to come down and the case for renewables grows stronger by the day.

However, renewables have always struggled around the …

‘GridEx’ offers stiff security test for an industry that welcomes the challenge

Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America. It is one of the biggest tests of the utilities’ ability to withstand wave upon wave of hypothetical attacks — and they are not necessarily supposed to pass the test. The GridEx simulation, which begins Wednesday, is “purposely designed to overwhelm even the most prepared organizations” so they can improve their resiliency, said Matt Duncan, an official at the North American Electric Reliability Corp., which runs the drill. Exercise participants won’t need any reminders that, in the last four years, malicious hackers have cut power for hundreds of thousands of people in Ukraine and caused a petrochemical plant to shut down in Saudi Arabia. GridEx is one way that U.S. critical-infrastructure companies work to prevent such disruptive attacks from hitting them. Participants, which will also include natural gas companies […]

The post ‘GridEx’ offers stiff security test for an industry that welcomes the challenge appeared first on CyberScoop.
