Cyber-security incident at US power grid entity linked to unpatched firewalls

A cyber-security incident that impacted a US power grid entity earlier this year was not as dangerous as initially thought, the North American Electric Reliability Corporation (NERC) said last week. In a report highlighting the "lessons learned" from a past incident, NERC said hackers repeatedly caused firewalls to reboot for about ten hours, on March 5, 2019. The incident impacted firewalls deployed at multiple power generation sites operated by a "low-impact" operator and did not cause any disruption in the electric power supply. The incident only impacted network perimeter firewalls, which, on March 5, were mysteriously going down for periods of up to five minutes. The firewall reboots continued for hours, prompting the power grid operator to start an investigation. "Subsequent analysis determined that the reboots were initiated by an external entity exploiting a known firewall vulnerability," NERC said.