Threat Advisory 

U.S. Power Grid Experiences a Denial-of-Service Attack Due to Outdated Security Appliance

In May of 2019, the U.S. power grid experienced another attack. A series of unpatched Cisco Adaptive Security Appliances belonging to a western electric utility provider suddenly began rebooting repeatedly, and kept doing so for over ten hours. These firewalls sat on the outer security layer of the network, so the continued rebooting brought local network services to a halt. This type of attack is known as a Denial of Service (DoS) attack. The electric utility provider and the device manufacturer both began combing through logs and network traffic, and soon realized that the problem was not a hardware malfunction but that the network was under direct attack. Subsequent analysis revealed that an attacker was exploiting a known vulnerability in an old version of Cisco’s firewall. The attack caused every vulnerable device to reboot continuously, rendering them inoperable.

The electric utility provider was able to patch the affected devices and stop further attacks from succeeding. While electricity transmission and delivery were not adversely affected, this attack is the deepest intrusion into the U.S. grid by a cyber attacker to date. Had the attacker chained another exploit with this attack, the entire network could have been compromised and taken over by a hostile entity. A damaging cyber attack on the U.S. grid would be catastrophic to the public, as well as financially crippling to the victim organization.

How could this have been prevented? A mature vulnerability risk management program would have allowed the electric utility provider to identify, prioritize, patch, and track all assets and third-party risks in its network, as well as remain compliant with NERC regulations. After the firewalls were updated, the electric utility provider implemented a patch management program. In a September 2019 report on the incident, NERC stated, “It should be noted that the entity was already working to develop internal procedures to support this process; however, these were not completed or being practiced at the time of the event.” NERC recently fined an entity $10 million for more than 120 similar security violations over four years.
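The identify, prioritize, patch and track loop the paragraph describes can be made concrete in a few dozen lines. The example below is added here and is not code from the advisory, from NERC or from Cisco; every hostname, version string, release train and the advisory identifier is constructed for the demonstration (the identifier is a placeholder, not a real CVE). It compares an asset inventory against a vendor-style fixed-release table, ranks affected devices by exposure (exploitation observed, perimeter placement, critical-infrastructure role) and emits a remediation queue with a tracking status field.

```python
"""Vulnerability risk management triage (constructed example).

Hostnames, versions, the advisory identifier and the fixed-release table are
made up for the demonstration; they are not data from the advisory, from NERC
or from Cisco. The flow mirrors the program the text describes: identify
affected assets, prioritize them by exposure, queue the patch, track status.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Asset:
    hostname: str
    product: str
    version: str
    perimeter: bool        # outer security layer: reachable from untrusted networks
    critical_infra: bool   # fronts OT / critical-infrastructure segments


@dataclass
class Advisory:
    advisory_id: str                  # placeholder id, not a real CVE
    product: str
    fixed_by_train: Dict[str, str]    # release train -> first fixed release, e.g. {"9.8": "9.8.4"}
    known_exploited: bool             # exploitation observed in the wild


def parse_version(text: str) -> tuple:
    """'9.8.2' -> (9, 8, 2); vendor build syntax '9.8(2)12' -> (9, 8, 2, 12)."""
    normalized = text.replace("(", ".").replace(")", ".").strip(".")
    return tuple(int(p) for p in normalized.split(".") if p)


def train_of(version: str) -> str:
    """Release train = first two components, e.g. '9.8(2)' -> '9.8'."""
    major, minor = parse_version(version)[:2]
    return f"{major}.{minor}"


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """Affected when the asset runs a listed train at a release below the first fix.

    Trains absent from the table are treated as unaffected, as in a vendor table
    that enumerates the affected releases.
    """
    if asset.product != adv.product:
        return False
    fixed = adv.fixed_by_train.get(train_of(asset.version))
    if fixed is None:
        return False
    return parse_version(asset.version) < parse_version(fixed)


def priority(asset: Asset, adv: Advisory) -> str:
    """Exposure-weighted priority: exploited + perimeter outranks an internal lab box."""
    score = (3 if adv.known_exploited else 0) + (2 if asset.perimeter else 0) + (1 if asset.critical_infra else 0)
    if score >= 5:
        return "P1"
    if score >= 3:
        return "P2"
    return "P3"


PRIORITY_ORDER = {"P1": 0, "P2": 1, "P3": 2}


def triage(assets: List[Asset], advisories: List[Advisory]) -> List[dict]:
    """Build the remediation queue: one tracked item per (asset, advisory) exposure."""
    queue = []
    for adv in advisories:
        for asset in assets:
            if is_affected(asset, adv):
                queue.append({
                    "hostname": asset.hostname,
                    "advisory": adv.advisory_id,
                    "current": asset.version,
                    "target": adv.fixed_by_train[train_of(asset.version)],
                    "priority": priority(asset, adv),
                    "status": "open",   # tracking field: open -> scheduled -> patched -> verified
                })
    queue.sort(key=lambda item: (PRIORITY_ORDER[item["priority"]], item["hostname"]))
    return queue


# Constructed inventory and advisory (not real devices or a real vulnerability).
INVENTORY = [
    Asset("fw-edge-01", "ASA", "9.8(2)", perimeter=True, critical_infra=True),
    Asset("fw-edge-02", "ASA", "9.8(4)", perimeter=True, critical_infra=True),      # already fixed
    Asset("fw-lab-01", "ASA", "9.9.1", perimeter=False, critical_infra=False),
    Asset("fw-edge-03", "ASA", "9.12.1", perimeter=True, critical_infra=True),      # train not listed
    Asset("rtr-core-01", "Router-X", "15.2", perimeter=False, critical_infra=True),  # other product
]

ADVISORIES = [
    Advisory("ADVISORY-PLACEHOLDER-001", "ASA", {"9.8": "9.8.4", "9.9": "9.9.2"}, known_exploited=True),
]

if __name__ == "__main__":
    for item in triage(INVENTORY, ADVISORIES):
        print(item)
```

The point of the scoring is the order, not the numbers: a perimeter device running an exploited release lands at the top of the queue, while an internal lab unit on the same release waits, and devices already at or above the first fixed release never enter the queue, which is the check a compliance audit trail needs.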

In addition to a risk management program, proper load balancing of firewalls and other network devices on critical infrastructure allows network traffic to keep flowing if one device becomes inoperable. Access Control Lists (ACLs) let firewalls deny access to any device not on a whitelist, so that unlisted hosts cannot reach the appliance at all. These are a few of the many actions an organization can take to harden its security posture. The strategy of combining multiple layers of security controls at every step is known as a “defense-in-depth” approach. With multiple layers of security, from policy down through firmware patching, an organization can begin to secure its networks and assets.
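An allowlist ACL is only as good as its ordering and its implicit deny. The model below is an added example, not configuration from the advisory or from any vendor: the rules, networks and traffic sample are constructed. It evaluates packets against a management-plane allowlist with first-match semantics and a trailing implicit deny, flags rules that can never fire because an earlier rule already covers them (a common way allowlists rot), and tallies denied attempts per source so an unlisted host probing the appliance stands out in review.

```python
"""Allowlist ACL evaluation with implicit deny (constructed example).

Rule sets, addresses and packets below are made up for the demonstration and
are not configuration from the advisory or from any vendor. First-match
semantics with a trailing implicit deny is the behaviour most firewall ACLs
share, and is what this model implements.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    src_ip: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when protocol, source network and destination port all agree."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return ip_address(pkt.src_ip) in ip_network(rule.src)


def evaluate(acl, pkt: Packet):
    """Return (action, index of matching rule); unmatched traffic hits the implicit deny."""
    for idx, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, idx
    return "deny", None


def find_shadowed(acl):
    """Pairs (later, earlier) where an earlier rule always fires before the later one.

    Only the common case is checked: same (or wildcard) protocol and port, and the
    later rule's source network inside the earlier one's. A shadowed permit is
    dead configuration; a shadowed deny is a hole in the allowlist.
    """
    shadowed = []
    for j, later in enumerate(acl):
        for i in range(j):
            earlier = acl[i]
            proto_ok = earlier.proto == "any" or earlier.proto == later.proto
            port_ok = earlier.dport is None or earlier.dport == later.dport
            if proto_ok and port_ok and ip_network(later.src).subnet_of(ip_network(earlier.src)):
                shadowed.append((j, i))
                break
    return shadowed


def denied_sources(acl, packets):
    """Count denied attempts per source so unlisted hosts probing the device stand out."""
    return Counter(p.src_ip for p in packets if evaluate(acl, p)[0] == "deny")


# Constructed management-plane allowlist: only two internal networks may reach
# the appliance, on named ports; everything else falls to the implicit deny.
MGMT_ACL = [
    Rule("permit", "tcp", "10.10.5.0/24", 443),     # admin jump hosts, HTTPS
    Rule("permit", "tcp", "10.10.5.0/24", 22),      # admin jump hosts, SSH
    Rule("permit", "udp", "10.20.0.0/16", 161),     # monitoring network, SNMP
    Rule("permit", "tcp", "10.10.5.128/25", 443),   # redundant: shadowed by rule 0
]

# Constructed traffic sample, including an external host not on the allowlist.
SAMPLE_PACKETS = [
    Packet("10.10.5.20", "tcp", 443),
    Packet("10.10.5.21", "tcp", 22),
    Packet("10.20.0.9", "udp", 161),
    Packet("10.20.0.9", "tcp", 443),    # right network, wrong service
    Packet("203.0.113.7", "tcp", 443),  # external, unlisted
    Packet("203.0.113.7", "tcp", 22),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", evaluate(MGMT_ACL, pkt))
    print("shadowed rules:", find_shadowed(MGMT_ACL))
    print("denied per source:", denied_sources(MGMT_ACL, SAMPLE_PACKETS))
```

Two things to take from running it: the monitoring host is permitted for SNMP but denied for HTTPS, because an allowlist is per service, not per network; and the fourth rule is reported as shadowed, which is harmless here but would be a silent gap if it had been a deny.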



COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED.
