On March 5, between 9 a.m. and 7 p.m. in some parts of California, Utah, and Wyoming, a “cyber event” caused the interruption of energy grid operations, according to a Department of Energy report first uncovered by E&E News.
The report is cryptic at best, and the Department of Energy has not responded to a request by Motherboard for more information about the incident. A “cyber event,” according to infrastructure hacking experts, could be anything from hackers messing with the grid remotely, to a much less dramatic hardware or software bug.
It’s also unclear which utility company suffered the incident, as the report does not specify.
Patrick Miller, a critical infrastructure security expert, explained to Motherboard that utility companies have to report cyberattacks in an OE-417 Electric Emergency and Disturbance Report, a document put together by the Department of Energy to track energy incidents and emergencies. Miller said that the fact that the company reported the incident in an OE-417 means “it had to actually disrupt operations.”
“Few organizations file those forms out of an abundance of caution (or just for fun),” Miller said in an online chat.
Do you know anything about this incident? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
That doesn’t mean reported interruption of energy grid operations was a “Cyber 9/11” or “Cyber Pearl Harbor” scenario that some government officials have warned about for years. Critical infrastructure experts have long said that a scenario where hackers take down large swaths of the grid for a long or at least disruptive period of time—causing physical damage—is relatively unlikely, and there’s no reason to panic just yet.
The fact that a utility company reported a "cyber event" also doesn't necessarily mean it was hacked. In 2018, Michigan utility Consumers Energy reported a “Cyber event that causes interruptions of electrical system operations” after an employee mistakenly caused a blackout. Also in 2018, two more “cyber” events were reported in the OE-417 Electric Emergency and Disturbance Report, but these other two (in Pennsylvania and Florida) used the wording “could potentially impact electric power system adequacy or reliability” (the one in California, Utah, and Wyoming did cause an outage, according to the report.)
However, a disruptive infrastructure-related cyber attack has happened before. In 2015, Russian hackers shut down parts of the electrical grid in Ukraine, but that was an isolated incident that isn’t necessarily easy to replicate in the United States, according to experts.
“The western grid has a bunch of really long-haul transmission lines. All of the generation in the middle of nowhere like Wyoming, Utah, Nevada pretty much leads directly to southern California,” Miller told Motherboard in an online chat. “If [this “cyber incident”] were big enough of an impact, you'd see fairly widespread outages over multiple states. This didn't happen. That, and the gossip/rumor mill inside the industry hasn't been chatty from what I can see.”
In other words, this may be hackers messing with the power grid like the Russians did in Ukraine, but it may also be something less nefarious. So, no time to panic—or call Bruce Willis—just yet.
Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.