Left in the Dark: The Ukrainian Power Grid Outage

A United States investigation into the attack on the Ukrainian power grid last December, found that Russian hackers were well coordinated and conducted a highly sophisticated operation. Officials are concerned that such a scenario could realistically happen in the United States. It was the first known cyber intrusion  to completely knock a power grid offline.

On December 23, 2015, three Ukrainian power distribution companies were all attacked within thirty minutes of one another and caused the lose of power to 225,000 Ukrainians. The impacted sites continue to “run under constrained operations.”

Security experts had already widely concluded that the downing of utilities in western Ukraine last December was the result of an attack. Security experts believe it was the work of hackers utilizing malicious malware to take down the grid.

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)  believe the reason for the outage was due to measured cyber-attack against Ukrainian critical infrastructure. After initially denying that any malware was used to cause the power outage.

The United States (US) has sent a group of officials from the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and Department of Energy (DOE) to the Ukraine to meet with government officials and develop lessons learned to prevent such attacks in the US.

The U.S. Cyber intelligence firm Isight Partners and other security researchers have linked the attack to a Russian hacker ground known as “Sandworm.”  Sandworm has previously targeted industrial control systems in the Ukraine, the US, and members of NATO.

DHS said its assessment was based on interviews with six Ukrainian organizations affected by the blackout and said its investigators were not able to investigate technical evidence independently.

SANS Incorporated believe the hackers spammed the Ukraine’s utility customer care center with phone calls to prevent real customers to call in and explain the power outage. Some research companies have criticized DHS over their analysis of the situation claiming it was hemmed by legal ramifications.

Anna Dudka, spokeswoman for the Ukrainian Energy Ministry noted the networks had been compromised about six months prior to the outage. The hackers used emails that contained the downloader for the virus “Black Energy” to company employees whose emails were found publically online.

Towards the end of the attack the hackers targeted specific files using malware known as “KillDisk” which renders systems inoperable by wiping out all data. Hackers also interfered with power restoration efforts by keeping critical servers inoperative by remotely disconnecting their “uninterruptable power supply.”

National Security Administration (NSA) and U.S. Cyber Command Chief Admiral Michael Rogers, has previously warned its not a matter if but when hackers will target the United States grid system.

It has been two months since the outage in the Ukraine is still coping with the aftermath of the suspected attack. DHS and security experts can only agree to disagree on what caused this disaster, and with countries looking to attack the US power grid we could be in for something ten times worse than what the Ukraine experienced.