While the government has not yet officially placed the blame on Russia, it seems that suspicions are running higher than ever.
“There’s never been an intentional cyberattack that has taken the electric grid down before,” Robert M. Lee of the SANS Institute told the Times. He also noted that the attack was primarily symbolic in nature — indeed, it seems that the power outage was meant to send a message more than inflict any real damage or harm. “It was large enough to get everyone’s attention,” he said, “and small enough not to prompt a major response.”
But if the same were to happen in the United States, the results may vary drastically. Ted Koppel (formerly of ABC News), pointed out major vulnerabilities in the American electric grid.
“We have 3,200 power companies, and we need a precise balance between the amount of electricity that is generated and the amount that is used,” he said. “And that can only be done over a system run on the Internet. The Ukrainians were lucky to have antiquated systems.”
So to prevent any such attacks from plunging us into darkness in the future, the Department of Homeland Security has made a number of recommendations. As the Times reports, “Make sure that outsiders accessing power systems or other networks that operate vital infrastructure can monitor the system, but not change it; close ‘back doors’ — system flaws that can give an intruder unauthorized access; have a contingency plan to shut down systems that have been infected, or invaded, by outsiders.
Original article and 2-27-2016 update by Lulu Chang:
A new report published Thursday by the DHS Industrial Control Systems Cyber Emergency Response Team suggests that Ukraine’s power outage last Christmas was indeed the result of hacking. This confirms that the occurrence was the first known incident of a power outage caused directly by malicious hacker activity.
It’s still unclear how BlackEnergy malware contributed to the outage, and the new analysis from the DHS states, “… it is important to note that the role of BE (BlackEnergy) in this event remains unknown pending further technical analysis.”
What is known, however, is that “power outages were caused by remote cyber intrusions at three regional electric power distribution companies (Oblenergos) impacting approximately 225,000 customers,” and that the attack was “synchronized and coordinated, probably following extensive reconnaissance of the victim networks.” Each of the attacks took place within half an hour of one another, suggesting a relatively high level of sophistication.
One thing is for sure — the more we learn about this attack, the more concerning it seems.
To recap, a Ukrainian power outage in late December was at the time suspected to be the result of a cyberattack, making the blackout the first ever caused by malware. American officials investigated Russian hackers for their alleged involvement in the scheme, in which at least three different power stations were compromised. Tens of thousands of people were left without power for several hours after the computers used to control the national grid were infected with the BlackEnergy Trojan malware, and many security experts expressed concern over the implications of the attack.
While 2015 exposed major problems in the digital infrastructure of companies across a variety of industries, few of these data breaches resulted in physical consequences (though of course, having your credit card information compromised is serious enough in and of itself). But this hack raised red flags around the issue of digitized warfare, with repercussions that may be more far-reaching than ever before.
“[The attack is] a milestone because we’ve definitely seen targeted destructive events against energy before — oil firms, for instance — but never the event which causes the blackout,” John Hultquist, head of security firm iSIGHT’s cyber espionage intelligence told Ars Technica, at the time the hack occurred “It’s the major scenario we’ve all been concerned about for so long.”
Ukrainian officials believe that a Russian group known as SandWorm is behind the malware attack, as the particular virus used is one that the hackers have been known to employ in the past.
One anonymous American official told the Washington Post that certain questions were being raised about the hack, such as, “What was the process that led up to it? Did we see any key indicators ahead of time?”
Although experts like Michael Assante at the SANS Institute, a cyber-training organization, say the attack was of “low to moderate sophistication,” the incident could still be a worrisome sign of things to come. President Obama has noted previously that the American electrical grid could be vulnerable to attack, and stated that, “In other countries cyber attacks have plunged entire cities into darkness.”
