Ukraine Blackout Was Caused by ‘Premeditated and Multi-Level' Cyber Attack

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Ukraine's national power company Ukrenergo says a blackout in Kiev on December 17 and 18, 2016 was caused by a cyber attack, Reuters reports.

Preliminary findings from an investigation determined that workstations and SCADA (supervisory control and data acquisition) systems at a 330 kilowatt substation were hit by external attackers.

"The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.

The company hasn't said whether it has linked the attack to any specific group or nation state.

Honeywell lead cyber security researcher Marina Krotofil, who assisted with the investigation, told Reuters the attackers "actually attacked more but couldn't achieve all their goals."

Krotofil said the attackers hid in Ukrenergo's network undetected for six months before they caused the blackout. "The team involved had quite a few people working in it, with very serious tools and an engineer who understands the power infrastructure," she said.

A previous cyber attack in December 2015, blamed on Russian hackers, caused blackouts affecting 225,000 people in western Ukraine and damaged power distribution equipment.

"Cyber attacks that cripple critical infrastructures continue to grow at a rapid pace -- the repeated attacks on power plants in Ukraine, resulting in a loss of power to hundreds of thousands, [are] just the latest example," Dtex Systems CEO Christy Wyatt told eSecurity Planet by email.

"It is crucial for all public and private sector organizations to focus on not only mitigating these attacks, but preventing nation state actors from gaining access to their networks in the first place," Wyatt added.

A recent Tripwire survey of more than 200 IT professionals working for state and local governments in the U.S. found that 98 percent of respondents consider smart cities to be at risk for cyber attacks.

Thirty-eight percent of respondents said smart grids have the greatest cyber security risks compared to other smart city services -- and while 20 percent said they have smart city initiatives in place for their smart grids, 55 percent believe cities don't devote adequate cyber security resources to smart city initiatives.

When asked why there's a lack of cyber security resources for smart city initiatives, 61 percent of respondents cited budget, and 60 percent said politics interfere with decision-making.

"Security isn't usually glamorous, and it can be difficult to sell the need for added time and cost on a project, even when it's to ensure that services are secure," Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement. "Smart city initiatives are pushing the technological envelope for urban infrastructure management, and it's clear from the survey results that cyber security is being left out of the conversation."

A recent eSecurity Planet article examined five essential best practices for IoT security.