July 2016 – UKRAINE – Eastern Europe was blanketed in a heat wave last summer. In Kiev, Ukraine, a state of desperate resignation had set in as fighting intensified between pro-Russia rebels and Ukrainian forces to the east. Separatists closed highways and attacked ports. Meanwhile, a silent incursion had started to worm its way into the email accounts of employees at media outlets, national railroads and power distributors in the western half of the country. The digital-era Trojan horse looked like a call to arms from the nation’s embattled capital. The subject line read simply, “Mobilization.”
As Ukraine’s civil war raged, a few mouse clicks at three local power companies set in motion the covert intrusion. It was the first successful attempt at planting a bug and then disabling an electric grid serving hundreds of thousands of people. At 3:30 p.m. on Dec. 23, 2015, lights winked out in parts of the Ivano-Frankivsk regional capital. A minute later, another part of the grid went down. Soon a third utility followed, and almost one-quarter of a million households and businesses had lost electricity. Workers at the Prykarpattyaoblenergo, Kyivoblenergo and Chernivtsioblenergo utilities watched helplessly as cursors moved across their workstation screens at the intruders’ commands, shutting down substations. Other hidden commands destroyed vital equipment. The attackers were invisible and precise, and they showed the world how fragile critical infrastructure is when hacking is used as a weapon of war.
Ukraine’s battle to wrest control from the hackers elevated the story of frequent blackouts in a poor country to the latest in a series of cyber-attacks with implications for the United States. Months in the making, it represented an escalation in attack methods that frightened U.S. authorities and executives. The hack methodically corrupted standard programming and subverted controls. It laid bare the work of persistent planners. Seven months after the Ukraine attack, U.S. security officials are still trying to understand whether the much larger, and more sophisticated, North American power grid is equally vulnerable to a determined, insidious assault. A more ominous warning has been sounded to utilities and federal agencies: step up preparations to recover from a cyber-attack that may one day break through.
Hackers didn’t simply crack a code and pull the off-switches at local substations; they rendered some crucial station devices inoperable. Then they corrupted the software and servers designed to turn the power back on. The Ukraine attack is one of a cluster of cyber-attacks in the past two years that grabbed headlines. The November 2014 attack on Sony Pictures Entertainment mushroomed into a national security and free-speech entanglement with North Korea.
The U.S. Office of Personnel Management (OPM) disclosed last summer that computer breaches included the theft of Social Security numbers of 21 million Americans. Hackers also stole fingerprints of government workers and compromised security clearances. The Obama administration in September 2015 publicly acknowledged suspicions that China was the source of the OPM breach. In the Ukraine case, top administration officials have kept quiet, refusing to give credence to experts’ widely held view that Russian hackers likely planned and executed the first known takedown of a power grid.
The takedown itself was quick and clinical, backed as it was by months of planning. Western Ukrainian grid operators could only watch as hackers booted them from workstations, dragging cursors around control system screens to achieve their own harmful ends. The attackers changed passwords so the Ukrainians couldn’t log back in to grab the reins. The blackout itself lasted less than six hours in most places. It was hardly calamitous for Ivano-Frankivsk, which is “no Manhattan,” as one Ukrainian source put it. The two other, mostly rural areas affected by the outages were similarly accustomed to power disruptions. It was a demonstration of power, maybe just field testing of the tools and the tactics.
The attack was a call to arms in the inchoate language of cyber warfare. Robert Lipovsky, who was among the first cyber-security analysts to examine the Ukraine case, said the events of Dec. 23 showed “that things such as this aren’t just theoretically possible,” and “that things like this can happen.” – EE News