Researchers uncover vulnerabilities in devices used at industrial facilities

For the three Ukrainian power companies that suspected Russian hackers pried their way into in 2015, the pain wasn’t over when the attackers opened the companies’ circuit breakers and sent 225,000 people into darkness. The intruders also planted malicious code on key equipment at power substations, preventing engineers from remotely closing the circuit breakers and slowing the effort to restore power. The way the hackers blinded the Ukrainian power firms to their own operations is still studied by utilities around the world, and security specialists investigating critical electric equipment. A group of researchers at cybersecurity company Trend Micro on Wednesday added important data to those efforts by revealing multiple vulnerabilities in the same types of devices exploited by the Russians five years ago. By making their findings public, researchers are prompting organizations to further scrutinize the little black boxes that serve as translators on key networks. The research covered vendors in France, […]

The post Researchers uncover vulnerabilities in devices used at industrial facilities appeared first on CyberScoop.

Citing hacking threats, Trump limits foreign-sourced equipment in U.S. electric sector

President Donald Trump on Friday issued an executive order barring federal agencies and companies under U.S. jurisdiction from installing foreign-owned equipment in the electric sector that might pose “an unacceptable risk to national security.” The sweeping directive authorizes Trump’s energy secretary, Dan Brouillette, to work with U.S. national security agencies and the energy industry to vet equipment before it gets installed, and to identify vulnerable gear already in place. It is the latest move by the administration to clamp down on foreign-sourced software and hardware, following an order last year covering U.S. companies’ procurement of telecommunications gear. The new executive order covers equipment procured and installed in the “bulk-power system” — or infrastructure used in electricity generation and transmission, and generally not distribution. “Foreign adversaries are increasingly creating and exploiting vulnerabilities” in that system, including through “malicious cyber activities,” Trump said in the order. One of the more notable hacking operations to target the U.S. […]

The post Citing hacking threats, Trump limits foreign-sourced equipment in U.S. electric sector appeared first on CyberScoop.

European power grid organization says its IT network was hacked

The organization that ensures coordination of European electricity markets said Monday that its IT network had been compromised in a “cyber intrusion.” The European Network of Transmission System Operators for Electricity (ENTSO-E), whose members include large electric transmission operators across the continent, “recently found evidence of a successful cyber intrusion into its office network,” the organization said in a terse statement. The compromised office network is not connected to any operational electric transmission system, ENTSO-E said, meaning the attack was confined to IT systems and did not impact critical control systems. “A risk assessment has been performed and contingency plans are now in place to reduce the risk and impact of any further attacks,” the ENTSO-E said, adding that its members were apprised of the situation. CyberScoop sent ENTSO-E’s press office a list of questions including when the digital intrusion began and who might be responsible for the attack. “For obvious […]

The post European power grid organization says its IT network was hacked appeared first on CyberScoop.

Energy Department shakes up cyber leadership with appointment of ex-NSA official

Department of Energy officials have tapped a veteran of the National Security Agency to be the department’s top cyber official and lead an office that helps protect U.S. industry from hacking threats. In a message to department staff Thursday reviewed by CyberScoop, Secretary of Energy Dan Brouillette said Alexander Gates’ decades of experience in signals intelligence and cyber operations would be critical in running the department’s Office of Cybersecurity, Energy Security and Emergency Response. Gates replaces Karen Evans, a former Office of Management and Budget official and DOE chief information officer, who was sworn in as assistant secretary of Energy for cybersecurity, energy security and emergency response in September 2018. Gates will have “delegated authority” to lead the cybersecurity office, meaning he can do so without being a Senate-confirmed assistant secretary. Then-Secretary of Energy Rick Perry established the cybersecurity office two years ago as part of a push by the department […]

The post Energy Department shakes up cyber leadership with appointment of ex-NSA official appeared first on CyberScoop.

Why one researcher mimicked Russian hackers in breaking into a European utility

Jason Larsen was tired of hearing about the skills of Russian-linked hackers, particularly those who cut power in parts of Ukraine in 2015 and 2016. These were groundbreaking and worrying attacks, he thought to himself, but giving the attackers too much credit makes defending against them more complicated than it needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke into the substation network of a European electric utility using one of the Russian hackers’ techniques. The first segment of the attack — gaining root access on some firmware — took him 14 hours. He took notes by the hour and shared them with the distribution utility, one of his clients, to improve their defenses. “We’ve embodied them with all of these god-like abilities,” Larsen said of Sandworm, the group said to be responsible for the attacks and which many believe to work on behalf of Russia’s military intelligence agency. The group turned the lights […]

The post Why one researcher mimicked Russian hackers in breaking into a European utility appeared first on CyberScoop.

Oil-and-Gas Specialist APT Pivots to U.S. Power Plants

Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well.

The Hornsdale Power Reserve And What It Means For Grid Battery Storage

Renewable energy has long been touted as a major requirement in the fight to stave off the world’s growing climate emergency. Governments have been slow to act, but prices continue to come down and the case for renewables grows stronger by the day.

However, renewables have always struggled around the …

‘GridEx’ offers stiff security test for an industry that welcomes the challenge

Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America. It is one of the biggest tests of the utilities’ ability to withstand wave upon wave of hypothetical attacks — and they are not necessarily supposed to pass the test. The GridEx simulation, which begins Wednesday, is “purposely designed to overwhelm even the most prepared organizations” so they can improve their resiliency, said Matt Duncan, an official at the North American Electric Reliability Corp., which runs the drill. Exercise participants won’t need any reminders that, in the last four years, malicious hackers have cut power for hundreds of thousands of people in Ukraine and caused a petrochemical plant to shut down in Saudi Arabia. GridEx is one way that U.S. critical-infrastructure companies work to prevent such disruptive attacks from hitting them. Participants, which will also include natural gas companies […]

The post ‘GridEx’ offers stiff security test for an industry that welcomes the challenge appeared first on CyberScoop.

Utah renewables company was hit by rare cyberattack in March

A Utah-based renewable energy company was the victim of a rare cyberattack that temporarily disrupted communications with several solar and wind installations in March, according to documents obtained under the Freedom of Information Act. The attack left operators at the company, sPower, unable to communicate with a dozen generation sites for five-minute intervals over the course of several hours on March 5. It is believed to be the first cybersecurity incident on record that caused a “disruption” in the U.S. power industry, as defined by the Department of Energy. DOE defines a “cyber event” as a disruption to electrical or communication systems caused by unauthorized access to hardware, software or communications networks. Utilities have to promptly report any such incidents to DOE. The attack did not affect sPower’s more critical control systems and did not impact its power generation, the company said. But it nevertheless highlights how generic software vulnerabilities […]

The post Utah renewables company was hit by rare cyberattack in March appeared first on CyberScoop.

ICS Attackers Set To Inflict More Damage With Evolving Tactics

While it remains difficult to attack critical infrastructure successfully, adversaries aim to use past experience to launch more destructive future attacks, according to analysis.