Your one-stop web resource providing safety and security information to manufacturers

An energy company providing power to areas in three western U.S. states suffered a distributed denial of service (DDoS) attack that did not disrupt power, but sent the firm’s systems offline.

The March 5 “cyber event” lasted almost ten hours, according to an electric emergency and disturbance report filed with the Department of Energy by the affected company.

RELATED STORIES
Norsk Hydro: Attack Cost $50M
Another Manufacturer Hit by Ransomware
Arizona Tea Recovering from Ransomware Attack
Triton Attacker at Second Site

The March 5 incident lasted from 9 a.m. until nearly 7 p.m. but didn’t lead to a power outage, based on a summary of the electric disturbance report filed by the victim utility, according to a report in E&E News.

A spokesperson for the Department of Energy (DoE) confirmed the attack, which knocked the energy company’s systems offline by overloading them with traffic.

Cyber Security

Excerpt from the electric emergency and disturbance report.

“DoE received a report about a denial-of-service condition that occurred at an electric utility on March 5, 2019 related to a known vulnerability that required a previously published software update to mitigate,” said the spokesperson in a report with TechCrunch. “DoE continues to work with our industry partners through the ISACs to ensure the dissemination of the appropriate mitigation information to manage their associated risks.”

The name of the energy company wasn’t named, but it provides power and energy to customers across Los Angeles in California, Salt Lake County in Utah, and Converse County in Wyoming.

“The incident did not impact generation, the reliability of the grid or cause any customer outages,” the DoE spokesperson said.

Western Electricity Coordinating Council, the regional reliability authority for the affected area, did not immediately comment.

Pin It on Pinterest

Share This