In an expanded article published by Law360, Jack Pringle examines the factors behind a cyberattack of a Utah-based renewable energy company, the first such attack of its kind in the United States.
A grid control center was subject to a denial of service attack that caused the firewalls to reboot repeatedly, and the resulting crash broke the connections between the provider's grid control system and wind and solar generation installations in three states.
As Jack notes in his piece, the firewall that enabled hackers to exploit the system was unpatched. The attack underscores the need to regularly evaluate systems and security to ensure firmware vulnerabilities are addressed.
Further, Jack notes that energy companies must harness the power of technology and human skills (security awareness, incident response readiness and capability and implementing necessary policies) to strengthen security programs and respond to evolving threats.