Cyber attacks on the energy system in Ukraine

I have written before about the threat of physical and cyber attacks on critical energy infrastructure (here) and so my eye was caught by an article highlighting the US Department of Homeland Security’s report into the power outages in Ukraine in December.

The background is that on 23 December 2015 three Ukrainian regional power distribution companies experienced power outages that affected 225,000 customers. A US team with representatives from the National Cybersecurity and Communications Integration Center (NCCIC), the Industrial Systems Cyber Emergency Response Team (ICS-CERT), the US Computer Emergency Readiness Team (US-CERT), Department of Energy, Federal Bureau of Investigation and the North American Electric Reliability Corporation travelled to Ukraine and investigated with the full co-operation of the Ukrainian authorities. Although the team were not able to independently review technical evidence, based on their interviews with those with first hand experience of the attacks, they concluded that the outages were caused by “synchronized and coordinated external cyber-attacks”.

Apparently the attack wiped some systems after the attack using KillDisk, a utility for wiping hard drives. The perpetrators also corrupted the firmware of devices at sub-stations and scheduled disconnects in Uninterruptible Power Supplies, actions designed to interfere with efforts to restore power. Each company also reported that they had been infected with BlackEnergy malware. Apparently there have also similar cyber attacks on a mining company and a train company in Ukraine.

The US Department of Homeland Security has reported that cyber attacks on pipelines and electric power infrastructure have been occurring at an “alarming rate”. In 2015 the former Director of the National Security Agency, General Keith Alexander, warned that the US and their allies were facing a growing cyber security threat and that energy infrastructure was the most likely target. The current NSA chief Michael Rogers has testified that China is capable of cyber-attacks that could cause ‘catastrophic failures’ of the water system or the electricity grid. In January Israel’s Electric Authority was hit by an “extreme cyber attack”. This paralyzed many computers but did not seem to affect power supplies.

The threat of cyber attacks on energy infrastructure is becoming more alarming. It seems to be another argument for aggressively driving demand down through energy efficiency and decentralized power, as long as the various bits of decentralized infrastructure are suitably protected against cyber attacks. A decentralized “smart” energy system sounds attractive but a highly connected system could be just as vulnerable although of course with suitable protection it may be easier to contain problems and any particular problem is likely to have smaller consequences. It also seems to be another argument against large, massively complex systems like nuclear power plants that contain millions of lines of software and potentially massive consequences of failure. We need to design new energy systems that are robust and resilient against cyber attack, as well as physical attack, and rapidly improve the cyber security of existing infrastructure.