Ultra Intelligence & Communications

Ukraine’s Power-Grid Failure Confirmed as Cyber-Attack. Now What?

March 18th, 2016 / By

Like many in the business of cybersecurity for industrial control systems (ICS), I’ve been closely following this winter’s cruel and expertly executed hack in Ukraine that left more than 200,000 people in the cold and dark two days before Christmas. The first confirmed cyber-attack to shut down a power grid, the Ukraine assault demonstrated that a motivated enemy can, and will, break through standard cyber-defenses to further an agenda in ways that are not soon forgotten.

The March edition of Wired Magazine featured a riveting account of the hack[1]. In the article, author Kim Zetter observed that Ukraine's control systems are “surprisingly more secure than some in the US.” Zetter also cites expert suspicions that the attack, almost certainly state-sponsored, may have begun with sophisticated criminals, possibly politically unaffiliated, who devoted significant resources over weeks or months to gain credentials and other footholds before passing their work to a hostile nation-state. In any case, determined foes sought to unleash misery on an innocent populace through critical-infrastructure collapse.

Given our country’s thick roster of enemies, US military and civilian leaders have shown heightened concern for our ICS security, now that the geopolitical playing field has been marred by a deviously successful power-grid takedown. In December, as you can read on UltraTalk, the Department of Homeland Security (DHS) issued seven recommendations for cyber-securing ICS. In February, Secretary of Defense Ash Carter was asked to add ICS security to the cyber scorecard.

For at least ten years, many organizations in the private sector have offered a range of technologies and products that might have helped Ukraine prevent or quickly correct the breach. As one such company, 3eTI has a particularly relevant perspective. We have helped cyber-secure ICS for two-plus decades throughout governmental and military systems and facilities. For that reason, and at the risk of seeming disingenuous or self-promoting, I feel justified in pointing out how one set of tools that I know well would have prevented the power-grid collapse in Ukraine.

For example:

  1. 3eTI’s CyberFence uses certificates, not passwords, with the private key stored in the CyberFence device. There is nothing available to be stolen that will afford remote access.
  2. 3eTI would have been able to filter out the firmware re-write operation. Doing so would have prevented that element of the attack.
  3. A core functionality of 3eTI’s CyberFence product line prevents the reconfiguration of machines akin to Ukraine’s UPS (uninterruptible power supply) devices.
  4. The commands that allowed the hackers to switch off system breakers entered the network over remote access as legitimate commands; 3eTI products do not countermand legitimate commands. However, based on what we’ve learned of this specific attack, CyberFence would have prevented the intrusion from penetrating to that extent. We also would have been able to return the system to operational status far more quickly.

The industrial world has gotten a peek at, and taste of, what an ICS attack can do; the risk has left the realm of the theoretical. Fortunately, highly targeted weapons are at hand to stem the now existential threat.

[1] Wired Magazine, Kim Zetter, March 3, 2016: http://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/