Critical Infrastructure Security, Threat Management, Network Security, Network Security

Denial of service event impacted U.S. power utility last month

May 3, 2019

An apparent cyberattack on March 5 caused disruptions at a western U.S. electric utility by creating a denial of service condition, according to an official summary of Electric Disturbance Events reports processed by the U.S. Department of Energy (DOE) this year.

The victimized power company has not been identified, but the incident lasted from 9:12 a.m. to 6:57 p.m. that day, affecting system operations in Kern and Los Angeles Counties in California, Salt Lake County in Utah, and Converse County in Wyoming. However, the event "did not impact generation, the reliability of the grid or cause any customer outages," E&E News reported this week, quoting a DOE official.

Additional reports quoted a DOE spokesperson as saying that the DoS condition stemmed from a "known vulnerability that required a previously published software update to mitigate." The spokesperson added that the DOE "continues to work with our industry partners through the ISACs to ensure the dissemination of the appropriate mitigation information to manage their associated risks."

It remains unclear who in this case was responsible for interfering with operations. However, cyber experts agree that defending critical infrastructure facilities must remain a high priority, especially in light of recent government warnings about state-sponsored foreign cyber actors targeting the energy sector.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Breach

Over 882K impacted by Hospital Sisters Health System breach

SC StaffFebruary 10, 2025

Attackers who breached HSHS' systems from Aug. 16 to Aug. 27, 2023, were able to exfiltrate varying types of data from individuals, including a combination of names, birthdates, addresses, Social Security numbers, driver's license numbers, medical record numbers, health insurance details, and treatment information, said the health system.

Today’s columnist, Steve Wilson of Exabeam, explores the concept of “fair use” when it comes to AI data. (Adobe Stock)

AI/ML

Hugging Face compromised with malicious AI models

SC StaffFebruary 10, 2025

Both malicious packages resembling proof-of-concept models were not identified by Hugging Face's Picklescan security tool due to differences in compression format with PyTorch, as well as a security issue that prevented the proper scanning of Pickle files that could facilitate compromise, according to a report from ReversingLabs.

(Credit: monticellllo – stock.adobe.com)

Vulnerability Management

CISA warns Trimble Cityworks customers of actively exploited RCE flaw

Laura FrenchFebruary 7, 2025

Immediately patching is recommended due to the risk of RCE on Microsoft IIS web servers in critical infrastructure sectors.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news