Days before Christmas in 2015, remote hackers took control from Ukrainian grid operators and, by digitally commandeering substations, shut off power for 225,000 customers for several hours. Then, in mid-December of last year, hackers developed malicious code that, without any real-time human support, disrupted a Kyiv transmission station and caused a substantial blackout that lasted roughly an hour in the capital—the first fully automated grid attack ever seen.
With Christmas approaching again, the eyes of security experts are on energy companies in Ukraine and the Russian teams they believe to be responsible for all the attacks. Experts have concerns this month over the implications another attack could have worldwide.
Robert Lee, the CEO and founder of the industrial-cybersecurity firm Dragos, which has analysed both of the Ukraine grid attacks, says that in recent weeks he has observed an unusual spike in activity in Ukraine by the same group of developers who engineered the malware used in the 2016 attack. Lee says that this is perhaps a sign that another attack could be coming this Christmas period.
“What worries me most about Russia is not its technology, but its audacity and their willingness to cross the line,” Chris Inglis, who served as the deputy director of the US National Security Agency from 2006 to 2014, told The Atlantic.
In an email to SC Media UK, Andrea Carcano, founder and chief product officer at Nozomi Networks, commented: “The Ukraine attacks of 2015 & 2016 left Kyiv residents in the cold, a situation that reverberated to utilities around the globe. You can imagine the board-level discussions that started with ‘Could this happen to us?’ The Ukrainian incidents motivated power companies to redouble their efforts to improve their cyber-security programmes and increase investments. In-depth analysis available from the Ukrainian attacks made it clear that utilities needed to take several steps to get visibility and situational awareness into industrial control systems (ICS) that operate critical aspects of power generation and transmission.
“It is key for utilities and other critical infrastructure operators to apply artificial intelligence and machine learning to detect systems anomalies and unusual network behaviour that would indicate the earliest stages of an attack. As power companies deploy these latest innovations for industrial monitoring and detection, they will be able to more quickly respond to block attackers before they can do significant harm. The Kyiv situation served as a wake-up call to the power industry and highlighted the imminent need for power companies globally to harden their defences and take the steps needed to detect and protect their customers from cyber-attacks that might turn the lights out elsewhere.”