U.S. Power Company Fined $2.7 Million for Security Flaws

U.S. Power Company Fined $2.7 Million for Security Flaws

According to an electronic filing, an unidentified American power company has reached a settlement to pay a $2.7 million penalty over significant security flaws that could have allowed hackers to gain remote access to their systems.

According to an electronic filing, an unidentified American power company has reached a settlement to pay a $2.7 million penalty over significant security flaws that could have allowed hackers to gain remote access to their systems.

According to a Notice of Penalty filed by the North American Electric Reliability Corporation, power regulators reached a settlement with the unidentified company after a security researcher found that more than 30,000 company records online were accessible without a password or any other protections. The company’s name was not disclosed.

“These violations posed a serious or substantial risk to the reliability of the bulk power station,” the filing says. The data associated with the exposure affected critical assets, including systems that control access to the unnamed company’s “control centers and substations, and a supervisory control and data acquisition (SCADA) system that stores [critical cyber asset] information.”

According to the filing, the data included usernames and “cryptographic information” of those usernames and passwords, and was exposed online for 70 days.

“Exposure of the username and cryptographic information could aid a malicious attacker in using this information to decode the passwords,” the filing said. “A malicious attacker could use this information to breach the secure infrastructure and access the internal [critical cyber assets] by jumping from host to host within the network.”

The $2.7 million penalty is pending approval of the Federal Energy Regulatory Commission.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.