According to a Freedom of Information Act (FOIA) request the site filed with the Department of Energy (see a copy here, courtesy of Cyberscoop), on March 5 this year an attacker used a vulnerability in a Cisco firewall to crash the device and break the connection between sPower's wind and solar power generation installations and the company's main command center.
The attack also didn't appear to be targeted in nature. The documents reveal that the hacker didn't continue their attack, nor did they breach sPower's network following the initial exploit that crashed the unpatched firewall.
sPower said it mitigated the intrusion by patching outdated devices. An sPower spokesperson was not immediately available to comment on additional details about the incident.
However, despite this being the first publicly reported cyberattack that disconnected a US power provider from its network, the attack is nowhere near the sophistication of the attacks that hit Ukraine's power grid in the winter of 2015 and 2016, when Russian hackers cut power to almost half a million Ukrainians in a power outage that lasted hours.
Based on public reporting and insight shared with this reporter, foreign hackers have increased their attacks on the US energy sector; however, acts of intentional sabotage have not yet taken place, and most of the intrusions have been basic reconnaissance operations or intellectual property theft.