Attacks on Ukrainian Power Providers Hold Lessons for the Future
NEWS ANALYSIS: The first known cyber-attack to cause a power outage shows that power companies will no longer escape damaging attacks.
On Dec. 23, a blackout hit the western part of Ukraine, affecting a region served by three power-generation centers. As the two power companies affected by the outage recovered, their support centers were inundated with fake phone calls, blocking legitimate customers from reaching the companies' staff.
Within hours, officials for the power companies concluded that a coordinated attack on their information systems, including malware that deleted infected systems, was responsible for the outages. Industrial control system (ICS) security experts have since confirmed many of the details of the attack.
While the companies recovered within hours, the impact of the attack will take far longer to become apparent, Robert M. Lee, a SANS-certified instructor and ICS security expert, told eWEEK. For more than a decade, security researchers have warned manufacturers and power companies that their networks are vulnerable. Yet demonstrations tend to have a much greater impact and could convince other cyber-attackers to focus on power companies, he said.
"The big lesson here is that someone crossed the threshold of having an actual cyber-attack—not just an intrusion, or malware on the network—but that someone actually brought down a power system through cyber means," said Lee, a former cyber-warfare operations officer for the U.S. Air Force. "That is an historic event, it has never occurred before, and there needs to be an international response by political leaders to talk about this because it sets a precedent going forward."
Although security professionals have often warned about the vulnerability of critical infrastructure, attacks continue to be relatively rare. A variety of cyber-focused actors have begun targeting ICS environments, but the lion's share do not get past the front door. In its summary of incident response statistics, the ICS Cybersecurity Emergency Response Team (ICS-CERT) found that 69 percent of attacks in 2015 did not successfully gain access to any system within a critical-infrastructure organization. However, attackers are becoming more successful: 12 percent of attacks compromised control systems in 2015, compared with 9 percent in 2014.