[ exact phrase in "" • results by date ]

[ Google-powered • results by relevance ]


Add NWW headlines to your site (click here)

when your community is targeted

Get weekly updates

RSS feeds and more

Keep Wind Watch online and independent!

Donate via Stripe

Donate via Paypal

Selected Documents

All Documents

Research Links


Press Releases


Campaign Material

Photos & Graphics


Allied Groups

Wind Watch is a registered educational charity, founded in 2005.

News Watch Home

First-of-a-kind U.S. grid cyberattack hit wind, solar 

Credit:  Blake Sobczak, E&E News reporter | Published: Thursday, October 31, 2019 | www.eenews.net ~~

A Utah renewable energy developer was hit by a first-of-its-kind cyberattack that briefly cut contact to a dozen wind and solar farms this spring, according to documents obtained by E&E News under the Freedom of Information Act.

Salt Lake City-based sPower suffered “denial of service” attacks on March 5 that left grid operators temporarily blinded to generation sites totaling 500 megawatts, the documents show.

Hackers did not cause any blackouts or generation outages, according to sPower, which says it’s the biggest private solar power operator in the United States. The cyberattack took advantage of a known weakness in Cisco firewalls to trigger a series of five-minute communications outages over a span of about 12 hours, according to an emergency report sPower filed with the Department of Energy at the time of the disruption that was not publicly released. Denial-of-service attacks flood target devices or websites with bogus traffic to crash them.

The cybersecurity incident is the first confirmed to have caused “interruptions of electrical system operations,” based on DOE records. Experts say the hackers behind the attack may not have known they were affecting the power grid, based on the fact that Cisco firewalls are used in a range of industries and are a popular target of opportunity when left exposed to the internet.

In September, the North American Electric Reliability Corp. posted a document revealing that the attack created blind spots at a grid control center, but it was not known until now which specific company was affected (Energywire, Sept. 6).

“sPower has reviewed log files and has found no evidence of a breach beyond the [denial-of-service] attack,” said Matthew Tarduogno, an official in DOE’s Office of Cybersecurity, Energy Security and Emergency Response, in a March 8 email obtained by E&E News. “Additionally, the incident did not have any impacts on operations.”

Tarduogno said he was providing DOE’s intelligence officials with updates “and they are ready to investigate any indicators, as appropriate, and have been checking for any related incidents.”

A DOE official said in a statement today that while the agency offered to investigate, “the reporting entity did not provide any further data to DOE.”

“Additionally, at this time, DOE is not aware of any related incidents in the energy sector,” the official said, adding that grid security officials outside the agency also issued a bulletin on the event. “Overall, the incident did not impact generation, the reliability of the grid, or cause any customer outages.”

Lara Hamsher, government relations and communications manager at sPower, said in a statement that the company investigated the case and improved its systems since March 5 to “help ensure as much uptime as possible.”

“These interruptions had no impact to generation and did not cause electrical system separation,” she said in an emailed statement.

‘Pain’ possible

Cybersecurity experts say the March 5 attack underscores emerging dangers to power companies worldwide (Energywire, May 6).

In 2015, hackers knocked out electricity to several hundred thousand people in Ukraine in an unprecedented cyberattack. The attackers, later linked to the Russian government, also swamped their targets’ phone lines with calls in a “telephone denial of service” aimed at hampering recovery. The three power companies hit in that attack managed to restore electricity in a few hours.

“In isolation, impacting network communications is probably not that huge of a deal,” said Joe Slowik, principal adversary hunter at industrial cybersecurity firm Dragos Inc.”But as a sort of pop-up or amplifying effort, things can get really interesting.”

He pointed to the record-smashing electricity demand in Texas this summer as the state experienced a heat wave (Energywire, Aug. 14). Given the region’s heavy reliance on wind power, any communications outages there “would have been a big deal, because that could have resulted in a generation gap that would have led to some pain,” Slowik said.

For its part, the sPower wind and solar sites affected by the March 5 cyber event spanned Wyoming, California and Utah, where the company’s 24/7 grid control center and headquarters are located. sPower’s 106.3-MW Solverde project in Lancaster, Calif., and its 80-MW Pioneer Wind Park in Glenrock, Wyo., were among the sites to face communications problems.

sPower is owned as a joint venture between Virginia-based utility AES Corp. and Canadian investment manager AIMCo. Neither parent company responded to requests for comment yesterday.

Wind and solar projects aren’t designed to stop feeding power into the grid if operators lose contact with them. Communications outages of 30 minutes or more are fairly common because of power outages and other glitches, even at much larger grid control centers, and rarely lead to blackouts, based on DOE grid disturbance records.

Still, wind and solar generation sites pose some unique challenges compared with natural gas, coal or nuclear plants that are staffed around the clock.

“They rarely have anyone on-site,” said Patrick Miller, managing partner at Archer Energy Solutions. “Any troubleshooting for things like this will often require a fair amount of windshield time for someone or several people. This could easily exacerbate the impacts to incident response and forensic capabilities.”

Source:  Blake Sobczak, E&E News reporter | Published: Thursday, October 31, 2019 | www.eenews.net

This article is the work of the source indicated. Any opinions expressed in it are not necessarily those of National Wind Watch.

The copyright of this article resides with the author or publisher indicated. As part of its noncommercial educational effort to present the environmental, social, scientific, and economic issues of large-scale wind power development to a global audience seeking such information, National Wind Watch endeavors to observe “fair use” as provided for in section 107 of U.S. Copyright Law and similar “fair dealing” provisions of the copyright laws of other nations. Send requests to excerpt, general inquiries, and comments via e-mail.

Wind Watch relies entirely
on User Funding
   Donate via Stripe
(via Stripe)
Donate via Paypal
(via Paypal)


e-mail X FB LI M TG TS G Share

News Watch Home

Get the Facts
© National Wind Watch, Inc.
Use of copyrighted material adheres to Fair Use.
"Wind Watch" is a registered trademark.


Wind Watch on X Wind Watch on Facebook Wind Watch on Linked In

Wind Watch on Mastodon Wind Watch on Truth Social

Wind Watch on Gab Wind Watch on Bluesky