US Suffers Power Grid Cyber Attack

29 May 2019

On March 5, parts of the energy grids in California, Utah and Wyoming were affected by a suspected cyber attack. Details of the incident are patchy, but the cyber attack is thought to be the first to successfully disrupt operations within the US power grid.

There were no reported blackouts in what the US Department of Energy recorded as a “cyber event”. However, the incident used a known vulnerability to carry out a “denial-of-condition” attack against industrial control systems supplied by one particular US technology company.

The attack reportedly disrupted supervisory control and data acquisition (SCADA) systems for around five hours, although power companies remained in control of the grid.

Successful cyber attacks against power companies and grids are rare. In December 2015, a cyber attack crippled part of Ukraine's power grid, in what is believed to be the first cyber attack known to have caused a blackout.

Earlier this year, Venezuela said cyber attacks had caused a series of blackouts in the country, although the claims were disputed.

Last year the US government issued an alert alleging that Russian hackers had conducted a two-year campaign of cyber attacks against the US power grid, as well as other critical infrastructure.

According to the alert, hackers used phishing attacks and malware to gain access to energy sector networks and carry out reconnaissance.

Cyber Security consultant F-Secure recently identified nine attack groups or techniques currently targeting industrial control systems in energy companies.

One of the attack groups, the BlackEnergy Group, uses malware to gain control of SCADA systems used by power generation and distribution companies.

Another group, known as APT33, has been linked to a cyber attack against an Italian oil and gas company in December 2018, as well as previous attacks against energy companies in the Middle East.

Relentless Attacks

A recent report by the Ponemon Institute concluded that cyber attacks against operational technology (OT) used in critical infrastructure are now “relentless and continuous”.

Almost all of the 701 OT sector security professionals surveyed by Ponemon had experienced a cyber attack, while most had suffered a data breach and/or significant disruption to business.

Some 90% of companies surveyed said they had been hit by a damaging cyber attack in the past two years, while 62% experienced two or more attacks.

Attacks against OT were also among the most feared threats in the survey – some 63% said an attack involving IoT or OT assets was of most concern, just below the most feared threat of third-party misuse or unauthorised sharing of confidential data (65%).

More than one-fifth (21%) of OT sector organizations list a nation-state attack as one of their top threats.

More than half of those surveyed had experienced an attack that resulted in downtime to plant and/or operational equipment, while 53% reported that an employee succumbed to a phishing scam resulting in credential theft in the past two years.

Almost half (45%) had experienced an attack against IoT or OT assets, while over a third (37%) experienced significant disruption to business processes caused by malware.

Almost a quarter (23%) believed they had been affected by nation-state attacks and 21% had been targeted by ransomware or cyber extortion.

On a more positive note, the Ponemon survey found high levels of executive involvement with the evaluation of cyber risk (60% of respondents report that C-level executives are involved).

Almost half (48%) took steps to quantify risk from cyber events, of whom 50% said downtime of OT systems is the biggest factor used to quantify risk.

However, only 20% felt they had sufficient visibility into their organization’s attack surface.



  • Sarah Stephens

    As part of Marsh JLT Specialty's London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.

    Prior, Sarah spent 12 years with Aon in a variety of roles. Her last role at Aon was Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions.

    Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.

    For further information or to learn more about cyber insurance, contact Sarah Stephens, Head of Cyber, on +44 (0)20 8108 9541.
