Ukraine's power outage was a cyber attack: Ukrenergo

[Image: Dispatchers are seen inside the control room of Ukraine's National power company]

 

A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, according to utility Ukrenergo on Wednesday.

 

When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine.

 

Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station "North", were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters.

 

"The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.

 

Law enforcement officials and cyber experts are still working to compile a chronology of events, draw up a list of compromised accounts, and determine the penetration point, while tracing computers potentially infected with malware in sleep mode, it said.

 

The comments make no mention of which individual, group or country may have been behind the attack.

 

"It was an intentional cyber incident not meant to be on a large scale... they actually attacked more but couldn't achieve all their goals," said Marina Krotofil, lead cyber-security researcher at Honeywell, who assisted in the investigation.

 

In December 2015, a first-of-its-kind cyber attack cut the lights to 225,000 people in western Ukraine, with hackers also sabotaging power distribution equipment, complicating attempts to restore power.

 

Ukrainian security services blamed that attack on Russia.

 

In the latest attack, hackers are thought to have hidden in Ukrenergo's IT network undetected for six months, acquiring privileges to access systems and figure out their workings, before taking methodical steps to take the power offline, Krotofil said.

 

"The team involved had quite a few people working in it, with very serious tools and an engineer who understands the power infrastructure," she said.

 

The attacks against Ukraine's power grid are widely seen by experts as the first examples of hackers shutting off critical energy systems supplying heat and light to millions of homes.

 


 

Among other things I've done, I've worked with SCADA and know a little about its workings. Though the use of the technology could have been different for the applications I worked with, the basic tech remains the same. It is based on old telecom technology coupled with software and computers.

 

The sensors are more accurate, easier to scale to use, more dependable, and can be accessed remotely; depending on need, 200 or 300 miles is the same as being on location for access to control panels, with the exception of some lag, unlike their analogue counterparts. Due to weather-related conditions we sometimes had to abandon the work site. When we did, we didn't go home to wait the weather out; we went to an engineer's headquarters and continued to monitor/operate until the weather cleared. It was done through SCADA.

 

SCADA is not hooked straight to the internet in properly secured networks. It's hooked to the company's intranet, which is like a huge LAN, in our case scrambled and secured with CITRIX for outside-to-inside access and an isolated setup, meaning that it has its own network and computers without direct access to the internet.

 

Part of the problem is that not everyone hardens their networks. Not every one of them isolates from the internet at large (it's a best practice for security), and even if they did, SCADA companies have been found guilty of hard-coded passwords and backdoors for remote access to specially configured routers. In the last few years they have been upgrading and fixing these issues as hacking of SCADA has arrived on the scene.

 

When you have say an engine, governed and monitored through digital sensors, it controls the limits of the engine. Something like a low oil pressure could shut that engine down thus saving the engine from being ruined. But what if it ran low on oil and the sensor was bypassed not to work? That can be done electronically in industry applications as sometimes regular testing is required on the sensor to make sure it works without shutting down the process. If no one is there to monitor, the engine could be over-sped through the governor while the low oil sensor was electronically bypassed. A leaky engine, without auto-oiling, would eventually go into low oil condition.

 

Now expand this to traffic lights, railroad switching, electricity generation, city water pumping and filtering, and in the potential future, autodriving vehicles.
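The bypassed low-oil sensor scenario above, as an added example that is not part of the original post: a supervisory check, written in Python from a defender's side, that reads engine telemetry and flags the conditions the post describes (a safety trip bypassed with no operator present, a bypass left on past a test window, low oil masked by the bypass, and over-speed through the governor). The thresholds, the telemetry fields and the sample log are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

RATED_RPM = 1800          # assumed governor limit for this engine
MIN_OIL_PSI = 15.0        # assumed low-oil trip threshold
MAX_BYPASS_SECONDS = 300  # assumed maximum length of a sensor test window


@dataclass
class Sample:
    t: int                 # seconds since the start of the log
    rpm: int
    oil_psi: float
    bypass: bool           # low-oil trip electronically bypassed (for testing)
    operator_present: bool  # someone is logged in at the control panel


def check_engine(samples: List[Sample]) -> List[str]:
    """Return one alert string per unsafe condition found in the telemetry."""
    alerts: List[str] = []
    bypass_started: Optional[int] = None
    for s in samples:
        if s.bypass:
            if bypass_started is None:
                bypass_started = s.t          # start of the test window
            if not s.operator_present:
                alerts.append(f"t={s.t}: low-oil trip bypassed with no operator present")
            if s.t - bypass_started > MAX_BYPASS_SECONDS:
                alerts.append(f"t={s.t}: bypass exceeded test window ({s.t - bypass_started}s)")
            if s.oil_psi < MIN_OIL_PSI:
                alerts.append(f"t={s.t}: low oil ({s.oil_psi} psi) masked by bypass")
        else:
            bypass_started = None             # bypass cleared, window closed
        if s.rpm > RATED_RPM:
            alerts.append(f"t={s.t}: over-speed {s.rpm} rpm > {RATED_RPM} rpm")
    return alerts


# Constructed telemetry: a sensor test starts at t=60 with the operator present,
# then the operator leaves, the engine is pushed past rated speed and oil runs low.
SAMPLE_LOG = [
    Sample(0, 1500, 40.0, False, True),
    Sample(60, 1500, 40.0, True, True),
    Sample(120, 1750, 38.0, True, False),
    Sample(400, 1900, 12.0, True, False),
    Sample(460, 1500, 41.0, False, True),
]

if __name__ == "__main__":
    for alert in check_engine(SAMPLE_LOG):
        print(alert)
```

The same check can be fed from a historian export or a live tag subscription; the point is that "bypass active" is itself a state worth alarming on, not just the values the bypassed sensor would have reported.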
