sPower, a Utah-based renewable energy provider, is in the unenviable position of holding two unwanted titles.
First, the company is the first-ever US provider of solar and wind renewable energy to have been the victim of a cyber-attack.
Second, the company is the first US power grid operator that is known to have lost connection with its power generation installations as a result of a cyberattack.
Revelations about the Utah company’s plight came to light following dogged reporting from E&E News, a news outlet focused on energy and environment professionals.
The outlet first reported about the cyber-attack back in April, a month after it happened; the site’s reporters then tracked down the root cause of the attack to an unpatched firewall, in September; today, the site revealed the name of the company which suffered the attack, along with other additional details.
According to a Freedom of Information Act (FOIA) request the site filed with the Department of Energy (see a copy here, courtesy of Cyberscoop), on March 5, this year, an attacker used a vulnerability in a Cisco firewall to crash the device and break the connection between sPower’s wind and solar power generation installations and the company’s main command center.
The attack also did not appear to be targeted. The documents reveal that the hacker neither continued the attack nor breached sPower’s network after the initial exploit that crashed the unpatched firewall.
sPower said it mitigated the intrusion by patching outdated devices. A sPower spokesperson was not immediately available for comment for additional details about the incident.
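The incident described above is, from a defender's point of view, a loss of visibility: a crashed perimeter device silently severed the link between remote installations and the command center. As an added example that is not part of the article and not sPower's or E&E News' code, the following Python script shows one monitoring check an operator might run: it flags any site whose heartbeats to the command center have stopped for longer than a tolerated gap, reports sites that never checked in at all, and then looks for a device event (here a firewall reload) logged shortly after the site's last heartbeat. Every site name, timestamp and log message below is constructed for illustration; the "fw-*" device names and the heartbeat format are assumptions, not anything from the article.

```python
from datetime import datetime, timedelta

# Added example, not code from the article or from sPower.
# Detects remote generation sites that have gone silent and correlates the
# silence with perimeter-device events. All data here is constructed.


def make_heartbeats(site, start, count, period_s):
    """Build `count` heartbeats for `site`, `period_s` seconds apart (constructed data)."""
    return [(site, start + timedelta(seconds=i * period_s)) for i in range(count)]


START = datetime(2019, 3, 5, 10, 0, 0)  # constructed timestamp, not from the FOIA record
HEARTBEATS = (
    make_heartbeats("wind-1", START, 12, 60)     # reports every minute through 10:11
    + make_heartbeats("solar-2", START, 12, 60)  # reports every minute through 10:11
    + make_heartbeats("solar-3", START, 5, 60)   # last heartbeat at 10:04, then silence
)
EXPECTED_SITES = ["wind-1", "solar-2", "solar-3", "hydro-4"]  # hydro-4 never reports at all
SITE_TO_DEVICE = {  # assumed mapping from site to the firewall in front of it
    "wind-1": "fw-wind-1", "solar-2": "fw-solar-2",
    "solar-3": "fw-solar-3", "hydro-4": "fw-hydro-4",
}
DEVICE_EVENTS = [  # constructed syslog-style events: (device, timestamp, message)
    ("fw-wind-1", datetime(2019, 3, 5, 9, 30, 0), "configuration saved"),
    ("fw-solar-3", datetime(2019, 3, 5, 10, 4, 41), "unexpected reload: device restarted"),
]
NOW = datetime(2019, 3, 5, 10, 12, 0)    # the moment the check runs
MAX_GAP = timedelta(seconds=180)         # three missed minute-heartbeats is an outage
CORRELATION_WINDOW = timedelta(minutes=5)


def last_seen(heartbeats):
    """Return {site: timestamp of the most recent heartbeat}."""
    seen = {}
    for site, ts in heartbeats:
        if site not in seen or ts > seen[site]:
            seen[site] = ts
    return seen


def find_outages(heartbeats, expected_sites, now, max_gap):
    """Return [(site, last_seen, gap_seconds)] for every expected site that is
    silent for longer than `max_gap`. A site with no heartbeat at all is reported
    with last_seen=None and gap_seconds=None so it cannot be overlooked."""
    seen = last_seen(heartbeats)
    outages = []
    for site in sorted(expected_sites):
        if site not in seen:
            outages.append((site, None, None))
            continue
        gap = now - seen[site]
        if gap > max_gap:
            outages.append((site, seen[site], int(gap.total_seconds())))
    return outages


def correlate_device_events(outages, events, site_to_device, window):
    """For each outage, collect messages from the site's perimeter device logged
    between the last heartbeat and `window` after it. Sites never seen get []."""
    correlated = {}
    for site, last, _gap in outages:
        device = site_to_device.get(site)
        if last is None or device is None:
            correlated[site] = []
            continue
        correlated[site] = [
            msg for dev, ts, msg in events
            if dev == device and last <= ts <= last + window
        ]
    return correlated


if __name__ == "__main__":
    outages = find_outages(HEARTBEATS, EXPECTED_SITES, NOW, MAX_GAP)
    hits = correlate_device_events(outages, DEVICE_EVENTS, SITE_TO_DEVICE, CORRELATION_WINDOW)
    for site, last, gap in outages:
        when = last.isoformat() if last else "never"
        print(f"{site}: last heartbeat {when}, silent {gap}s, device events: {hits[site]}")
```

The check deliberately treats "never reported" differently from "stopped reporting": the first usually means a misconfigured inventory, the second a live problem. Correlating the silence with the device's own log line turns a vague "site unreachable" alert into an actionable one (the firewall in front of the site restarted), which is the kind of signal a responder would want within minutes rather than learning the cause months later from a records request.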
However, despite this being the first publicly reported cyberattack that disconnected a US power provider from its network, the attack is nowhere near the sophistication of the attacks that hit Ukraine’s power grid in the winter of 2015 and 2016, when Russian hackers cut power to almost half a million Ukrainians in a power outage that lasted hours.
Based on public reporting and insight shared with this reporter, foreign hackers have increased their attacks on the US energy sector; however, acts of intentional sabotage have not yet taken place, and most of the intrusions have been basic reconnaissance operations or intellectual property theft.