An energy company providing power to areas in three western U.S. states suffered a distributed denial of service (DDoS) attack that did not disrupt power, but sent the firm’s systems offline.
The March 5 “cyber event” lasted almost ten hours, according to an electric emergency and disturbance report filed with the Department of Energy by the affected company.
The March 5 incident lasted from 9 a.m. until nearly 7 p.m. but didn’t lead to a power outage, based on a summary of the electric disturbance report filed by the victim utility, according to a report in E&E News.
A spokesperson for the Department of Energy (DoE) confirmed the attack, which knocked the energy company’s systems offline by overloading them with traffic.
“DoE received a report about a denial-of-service condition that occurred at an electric utility on March 5, 2019 related to a known vulnerability that required a previously published software update to mitigate,” said the spokesperson in a report with TechCrunch. “DoE continues to work with our industry partners through the ISACs to ensure the dissemination of the appropriate mitigation information to manage their associated risks.”
The name of the energy company wasn’t named, but it provides power and energy to customers across Los Angeles in California, Salt Lake County in Utah, and Converse County in Wyoming.
“The incident did not impact generation, the reliability of the grid or cause any customer outages,” the DoE spokesperson said.
Western Electricity Coordinating Council, the regional reliability authority for the affected area, did not immediately comment.