'Cyber Disruption' Affected Parts Of U.S. Energy Grid
SCOTT SIMON, HOST:
There's been a disruption in part of the U.S. energy grid, and it appears to have been a first-of-its-kind cyberattack. It happened in March. We know about it because the utility reported it to the Department of Energy, and that report caught the attention of Blake Sobczak of E&E News. He joins us in our studios. Thanks so much for being with us.
BLAKE SOBCZAK: Thank you for having me on the program.
SIMON: There was a disruption - right? - in Utah, Wyoming and Southern California but not a power outage or anything that customers noticed. What effect did it have?
SOBCZAK: That's correct. There was a disruption, but it did not lead to any blackouts or really, as far as we know, any halt in the flow of electricity there. What likely happened here was what's called a loss of visibility. There was a denial-of-service attack against some part of the utilities network infrastructure, and that basically led operators to not be able to see what was going on in the grid. So it's sort of like driving with blinders on. As long as nothing crazy happens, you should be fine, but it certainly constitutes a disruption and a reportable event here to the Department of Energy.
SIMON: And a possible danger, obviously.
SOBCZAK: It does pose a hazard, and that's why the Department of Energy actually requires utilities to report if they experience a cyberattack within one hour of the event itself. And so this is really the first time that we've seen a utility tell regulators at the DOE, at the Department of Energy, hey, hackers disrupted some part of our operations. And in this case, again, it appears that that was related to visibility as to what was happening on the grid there.
SIMON: Do you know the utility?
SOBCZAK: We do not know the utility. And what's interesting is this affected a pretty wide geographic area - Utah, Wyoming and California - Southern California. And so there aren't too many utilities with that kind of geographic footprint. And I reached out to several, and they all basically denied filing this report.
SIMON: And obviously no way of knowing if it were - if the hackers were freelancers or agents of a government or a terrorist group.
SOBCZAK: It's really hard to say much about the hackers at this point, that's correct. Presumably, the utility that was affected by this is investigating and is really, you know, calling in perhaps the FBI to look at this. What we do know is that the type of attack that this was was what's called a denial of service. And it can be a little bit of a simpler attack, so we don't know whether, for instance, these were Russian hackers or sophisticated nation state-backed spies doing this. It really could have been somebody with a fairly rudimentary understanding of how to launch this type of attack.
Now, a denial-of-service attack works by flooding target networks with traffic so that you can't tell what's legitimate from what's not. So in the case of a public website, a hacker might just bombard it with requests to visit that page until normal users can't actually access it. So if you're ever having trouble logging onto a site or accessing it, you know, maybe that site's under a denial-of-service attack. In this case, the denial of service exploited a particular vulnerability, so it was a little bit more targeted than that. The hacker or hackers knew what they were doing and were able to actually find a particular flaw in this network equipment and send a certain type of packet or string of data to really make it stop working.
SIMON: There was, of course, reportedly in, I guess, 2015 an attack in Ukraine where the lights went out - reportedly mounted by Russia. How susceptible is the U.S. energy infrastructure and grid?
SOBCZAK: So what can be said about the U.S. grid is it's an enormously complicated, huge machine. A lot of people consider it to be the most complex machine ever built by humankind. And so that means there's a lot of resiliency built into it. It'd be very difficult to disrupt the grid in a big way from a cyberattack. However, we actually heard earlier this year - U.S. Director of National Intelligence Dan Coats warned that foreign hackers backed by perhaps nation states like China and Russia could cause localized temporary disruptions in U.S. critical infrastructure to include the power grid. So I think what intelligence officials are worried about and what utilities are potentially seeing is a small-scale hack causing perhaps a temporary power outage but nothing more, which, in and of itself, is still certainly noteworthy and alarming that our level of connectivity is such that hackers can have this power.
SIMON: Blake Sobczak, a reporter for E&E News, thanks so much for being with us.
SOBCZAK: Thanks for having me on.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.