"Cyber-Security Incident at US Power Grid Entity Linked to Unpatched Firewalls"

A recent report published by the North American Electric Reliability Corporation (NERC) discusses the cause of a cybersecurity incident that occurred earlier this year in which a U.S. power grid was impacted. According to the report, the incident only affected network perimeter firewalls and did not disrupt the supply of electricity. Hackers exploited a known firewall venerability in order to cause the firewalls to repeatedly reboot for multiple hours. The power grid operator found that the these firewalls did not receive firmware updates, highlighting the need to improve the process for reviewing and implementing such updates. NERC has given recommendations for companies pertaining to the management of firewalls and patches, which include constantly monitoring for firewall updates, using VPNs (virtual private networks), implementing network segmentation, and more. This article continues to discuss the cyberattack that disrupted firewalls at a U.S. power utility and suggestions for companies on how to avoid such attacks. 

ZDNet reports "Cyber-Security Incident at US Power Grid Entity Linked to Unpatched Firewalls"