A power cut that hit a portion of the Ukrainian capital, Kiev, in December has been labelled a cyber attack by researchers who investigated the incident.
The blackout in Kiev on December 17 lasted just over an hour and started just before midnight.
The 2016 power cut, according to national energy company Ukrenergo at the time, amounted to a loss of about one-fifth of Kiev’s power consumption at that time of night.
Information Systems Security Partners (ISSP), a cyber security company, linked this latest failure in critical public infrastructure to a hack and blackout in 2015 that affected 225,000.
Oleksii Yasnskiy, head of ISSP labs, said: “The attacks in 2016 and 2015 were not much different – the only distinction was that the attacks of 2016 became more complex and were much better organised.”
This attack took place almost exactly one year after a much larger hack on a regional electricity distribution company, which was later blamed on the Russian state security services.
In this instance no state actor has been identified. However, Ukraine said that Russia had directed thousands of cyber attacks at it towards the end of 2016.
The first of many?
There is genuine concern that the attackers used Ukraine as a test bed for future attempts against networks across the globe.
Andrea Carcano, founder and chief product officer at Nozomi Networks said, “While hardly a surprise that this has now been confirmed as a cyber attack, it demonstrates a worrying trend. I think the suggestion that the Ukraine is being used as a ‘testbed for refining attacks’ is highly likely and what’s particularly concerning is that the attackers could have caused far more damage than they did”.
“We can’t be sure who is behind this latest attack, but it’s likely to be several criminal gangs working together to conduct the incursion. The methodology used demonstrated they had sophisticated skills, with the attack better organised and more complex than the 2015 breach.”
“This illustrates that there are adversaries, with both intent and ability, to launch attacks and cause damage to the critical infrastructure of every country around the globe, and this threat must not be ignored.”
David Emm, principal security researcher at Kaspersky Lab, disagreed and said it was “hard to say for sure” whether the incident was a trial run.
Regardless, a “wait and see” attitude should not be adopted. It should serve as the latest warning that hackers can severely affect, even take offline, critical public infrastructure.
A scenario in which London or New York (or any major city) is taken offline in the middle of the working day would be catastrophic for financial services, as well as causing potential chaos in other areas, public transport being one example.
The only way to combat this is through a strong cyber resilience strategy. “Defence in depth measures are needed,” said Carcano, “and that includes network segmentation, firewalls and visibility solutions. All protectors must re-examine their ICS cybersecurity programs carefully and arm themselves with technology that will enable them to detect and respond to attacks, in real time, if they’re to keep the attackers out and the power on”.