Experts suggest Ukrainian hack likely portends future attacks
On December 17, 2016, a large section of the city of Kiev, Ukraine, lost power. It was cold that night, just 18 degrees Fahrenheit, so citizens and power company officials alike were relieved when service was restored after an hour and fifteen minutes.
But it’s not the outage that is the story in Kiev, but rather the reason for it and the future it foreshadows.
An official with the Ukrainian power company told Reuters that the power distribution center “unexpectedly switched off,” and that “this kind of blackout is very, very rare.”
It is widely suspected that the outage was caused by a Russian state-sponsored cyber attack, given the ongoing political conflict between the two countries. While attribution is not certain, it seems clear that attackers obtained administrative credentials, took control of a computer system at a substation, and brought down part of the Ukrainian power grid.
According to CBS News, the electric control center manager said, “when hackers took over their computers, all his workers could do was film it with their cell phones.”
According to the report: “The hackers sent emails with infected attachments to power company employees, stealing their login credentials and then taking control of the grid’s systems to cut the circuit breakers at nearly 60 substations.”
A similar outage occurred at about the same time the previous year, leaving roughly 225,000 Ukrainian customers without power or heat just before Christmas. That event has been linked to a Russian state-sponsored attack.
Is the U.S. grid safe from cyber attack?
In both Ukrainian incidents, power was restored relatively quickly. Had it stayed out for days, the result could well have been loss of life and serious social and economic disruption. Instead, the outages served as a warning of what may be to come.
The world’s power grids, including that of the U.S., are considered attractive targets for cyber attack. As in other data breaches, compromised login credentials, particularly privileged user credentials, were the weak link in Kiev, and they are likely a weak link at utilities around the globe.
Standards and guidance issued in recent years aim to increase both the physical security and the cyber security of the U.S. power grid. But a grid by its nature consists of interconnected parts that must cooperate, and interconnection creates the proverbial weakest-link scenario: the grid is only as secure as the least secure component that can reach the rest.
It would be simple to shut off all remote access to critical controls and limit those functions to people physically inside the facility. Vetting and locking down access would then be straightforward, using the kind of strong location-based authentication the recent PLAI specification describes. But doing so would also eliminate key procedures, safety valves so to speak, that allow parts of the grid to be ramped up or cycled down automatically or remotely when needed.
Just as consumers need strong authentication, the grid will require authentication that is truly strong, meaning a stolen password alone is not enough to act, while still permitting the remote access that keeps the grid functional.
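To make the point concrete, here is an added illustration (not code from the original report, nor from any utility or standard it mentions) of what "truly strong" remote authentication can look like in practice: a gate for remote grid-control commands that requires a password, a time-based one-time code (RFC 6238 TOTP, built from the Python standard library), and a policy check on which operations may be issued remotely at all. The operator record, password and shared secret are constructed for the example, and the command names are assumed placeholders.

```python
import hashlib
import hmac
import struct
import time

# Constructed example data: one operator account with a hashed password,
# a TOTP shared secret, and the commands that policy allows from outside the
# control room. Real deployments would hash passwords with a slow KDF
# (scrypt/argon2) rather than plain SHA-256; SHA-256 is used here only to keep
# the example self-contained.
OPERATORS = {
    "dispatcher": {
        "pw_hash": hashlib.sha256(b"correct horse battery staple").hexdigest(),
        "totp_secret": b"0123456789abcdef0123",  # 20-byte shared secret (constructed)
        # Assumed policy: status reads and generation ramping may be done remotely;
        # tripping breakers is deliberately absent, so it requires local presence.
        "remote_allowed": {"read_status", "ramp_generation"},
    }
}


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with 30-second steps (RFC 4226 truncation)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def authorize_remote_command(user: str, password: str, otp: str, command: str, now=None):
    """Decide whether a remote command may proceed. Returns (allowed, reason).

    A phished password alone fails here: the caller must also hold the device
    that generates the current OTP, and the command must be one that policy
    permits from outside the facility.
    """
    now = int(time.time()) if now is None else now
    rec = OPERATORS.get(user)
    if rec is None:
        return False, "unknown user"

    presented = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(presented, rec["pw_hash"]):
        return False, "bad password"

    # Accept the current 30-second step and one step either side for clock skew.
    valid_codes = {totp(rec["totp_secret"], now + d) for d in (-30, 0, 30)}
    if otp not in valid_codes:
        return False, "bad or missing second factor"

    if command not in rec["remote_allowed"]:
        return False, f"'{command}' is not permitted remotely; local presence required"

    return True, "ok"


if __name__ == "__main__":
    t = int(time.time())
    code = totp(OPERATORS["dispatcher"]["totp_secret"], t)
    print(authorize_remote_command("dispatcher", "correct horse battery staple", code, "read_status", now=t))
    print(authorize_remote_command("dispatcher", "correct horse battery staple", "", "read_status", now=t))
    print(authorize_remote_command("dispatcher", "correct horse battery staple", code, "trip_breaker", now=t))
```

The three checks map onto the three things that went wrong in the Ukrainian attacks as the article describes them: stolen passwords are useless without the second factor, the second factor is tied to a device rather than to knowledge that can be phished, and the most dangerous actions (opening breakers) are simply not reachable over the remote path, so they can still be performed locally under the location-based controls the previous paragraph describes.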
Articles on securing the power grid from cyber attack:
New standards to increase physical security of critical power grid