Ultra Intelligence & Communications

Ukrainian Power Grid Hacked, Lessons Learned

January 7th, 2016 / By

As reported in DataBreachToday and elsewhere in recent days, hackers gained remote access to power production systems in western Ukraine, taking multiple electrical substations offline late last month. The Computer Emergency Response Team of Ukraine (CERT-UA) confirmed that the December 23 blackout, which lasted three hours and darkened about 1.4 million homes, resulted from the BlackEnergy espionage Trojan and KillDisk wiper malware. The attack raises urgent questions for authorities and cybersecurity experts. As laid out in DataBreachToday, they center on identifying the responsible party and where subsequent attacks may occur.

Other questions underscore concerns raised repeatedly by cybersecurity entities that include companies like Ultra Electronics, 3eTI. These groups have added their voices to those of independent researchers and government security experts. Of the nine questions addressed in the article, a subset speaks to the industry inertia and ambivalence that indirectly enable the sponsors of large-scale attacks. To wit: Why does industry still lack forensics? Too many control systems lack logging or digital-forensic review capabilities. Will government agencies do something? In the U.S., the deeply layered security recommended by independent experts remains largely voluntary. Will ICS vendors improve their security? Too many ICS providers fail to eliminate easy-to-address issues, such as hard-coded, known and simple passwords, from their products.

What will trigger change? The ninth question arises industry-wide far too frequently. The article cites views that change may come one day soon when market forces negatively impact credit ratings. Publicly traded power companies, for example, see share prices plummet when a large-scale attack decommissions critical operations to millions for several days. Hospitals go dark. Emergency communications networks crash. Chaos ensues. Then the financial markets reopen, wreaking havoc and bringing ruin to many a portfolio. That may be the type of pain that ultimately penetrates the thick walls of resistance to comprehensively secured critical systems. Read the article here.