Corporate debt recently passed the $1 trillion mark in a continuing sign of global financial displacement.Marketsread more
"Federal debt, which is already high by historical standards, is on an unsustainable course," CBO director Phillip Swagel said in the report.Politicsread more
Target CEO Brian Cornell still thinks the U.S. consumer is strong and spending. Target's latest quarterly results showed the big-box retailer is benefiting from that.Retailread more
Stocks rose on Wednesday as strong quarterly results from retailers such as Target and Lowe's lifted investor sentiment.US Marketsread more
President Trump insists the economy is healthy and says the only thing holding U.S. growth back is the Federal Reserve.Marketsread more
Trading volumes this week are well below their recent averages and that means this comeback may be suspect.Marketsread more
The rule could defy a 2015 Flores Settlement Agreement court order that says families cannot be held in detention for more than 20 days.Politicsread more
Bank of America CEO Brian Moynihan is not worried about an economic slowdown, saying the U.S. consumer is still in a strong place.Banksread more
In a second-round of tweets aimed at the U.S. central bank, the president asked, "WHERE IS THE FEDERAL RESERVE?"Marketsread more
J.P. Morgan Chase customers will no longer be able to pay with their phones in stores beginning next year.Marketsread more
Electrical grid operations in two huge U.S. population areas — Los Angeles County in California, and Salt Lake County in Utah — were interrupted by a distributed-denial-of-service attack in March, according to the Department of Energy's Electric Emergency and Disturbance Report for March.
The attack did not disrupt electrical delivery or cause any outages, the Department of Energy confirmed, but caused "interruptions" in "electrical system operations." In this case, "operations" does not refer to electrical delivery to consumers, but could cover any computer systems used within the utilities, including those that run office functions or operational software.
Although the attack did not interrupt service, denial-of-service attacks are easily preventable, and most large organizations no longer consider them major threats. The fact that it succeeded calls into question whether the utilities are prepared for a far more sophisticated attack, as the U.S. government has warned about.
A Department of Energy official told CNBC, "DOE received a report about a denial-of-service condition that occurred at an electric utility on March 5, 2019, related to a known vulnerability that required a previously published software update to mitigate. The incident did not impact generation, the reliability of the grid or cause any customer outages."
The incident, which happened between 9:12 a.m. and 6:57 p.m., also interrupted electrical system operations in Kern County, California, and Converse County, Wyoming.
Distributed denial of service, or DDoS, involves delivering a heavy stream of information and internet traffic, usually with the help of a network of hacked computers, to overwhelm the systems of a target.
DDoS attacks are one of the simplest forms of cyberattack to execute. They used to be very common, but there are common practices in place to prevent them, and most large organizations have practically eliminated them as threats. The fact that such an easily preventable attack succeeded against a system serving such a large electrical distribution area is cause for concern, especially because energy is one of the U.S. government's most important "critical infrastructure" sectors, making these utilities subject to the strongest protections.
The DOE has not released any information on the origins of the attack. Several countries, including Russia, Iran and China, have been cited by U.S. government authorities as sponsoring attacks against the U.S. electric grid, often with the goal of infiltrating the network or gathering intelligence.
But a DDoS is a relatively unsophisticated type of attack, meant to take down a computer network quickly. That means the culprit could be almost anybody, from a single individual to a larger group.
"DDoS is the low-hanging fruit in the hacker world. It's very loud and it's easy to detect quickly. The ones that are operating at the nation-state level don't need to use DDoS," said Chris Grove, director of industrial cybersecurity at Indegy, a utility and industrial systems cybersecurity company. "If this was a nation-state attack, they wouldn't pull off a DDoS attack to take it down, they'd probably do a better job."
This is the first reported cyberdisruption by the Department of Energy in 2019.
Last year, the DOE reported four reported cyber-events. One of them, like the March 5 incident, caused interruptions of electrical system operations in Michigan's Midland and Genesee counties. The other three were reported as "could potentially impact electric power system adequacy or reliability."