News: The attack is what cyber war might look like.
The attack on the Ukrainian power grid just before Christmas last year appears to be the first time a cyber attack has ever caused an electricity outage.
While information on the attack is still being discovered, Steve Ward, senior director at iSight Partners, one of the cyber security firms looking into the attack, told CBR: "What we know is that for the first time it appears that we have the use of a cyber attack to actually disrupt power service."
Andrew Tsonchev, Darktrace Senior Cybersecurity Specialist, agrees. "It marks a shift to the first time that cyber attacks can have more than just a financial or reputational damage," he told CBR.
Whatever else about the attack is found after further investigation, it has serious implications for countries well away from Ukraine.
Ward said these types of attacks (reconnaissance to probe critical infrastructure, which his firm has previously warned about) "would be close to what everybody has talked about and written about in their books about what cyber war would look like."
Such moves, he said, are "beyond intellectual property theft, it’s beyond intelligence collection like what happened with the Office of Personnel Management, it’s moving into the area of disruptive destructive attacks."
He says that "it could be perceived… on the international scale as acts of war."
Previously, said Ward, "the use of cyber for these types of disruption had traditionally been off the table for fear of retribution… the way it could escalate."
However, iSight "had predicted closer and closer edging towards that line, and now I think we’ve seen it."
That's a pretty terrifying thought, and it's not just Ward thinking it; Tsonchev said something similar. He said that the Ukrainian cyber attack "means that they now have the capacity to be used for direct real world physical attacks. The same kind of things you might do with explosives and blowing things up."
iSight Partners think that those behind the attack had previously gone after US and European SCADA systems, using those intrusions as reconnaissance for the December 23rd attack. The firm believes that the attack, which left hundreds of thousands of homes in Ukraine without electricity, was conducted by a group called Sandworm, which it says is aligned to the national interest of the Russian state.
Just yesterday, The Daily Beast exclusively revealed that American intelligence and security agencies were "investigating whether Russian government hackers were behind a cyber attack on the Ukrainian power grid."
Perhaps even scarier, these were not top-end, zero-day attacks. Symantec says that the Disakil malware linked to the outage, also known as KillDisk, had been used to attack media targets in the country in late October.
Ward said that although the development is worrying, those in London and New York don't have to fear the power grid suddenly being knocked offline. Still, he does think that "if the wake up calls have not been sufficient over the years, this has got to be the one" for Western governments.
iSight do not believe that the much discussed BlackEnergy Trojan itself caused the outage, but that it helped distribute the payload that did. "BlackEnergy [is] the Trojan through which they could then deliver a subsequent payload, and this KillDisk piece is definitely part of that, that's when the payload dropped," said Ward.
Tsonchev said, "the threat is the same facing everybody, and the solution is the same for everybody: they need to get better visibility into their network and they need to start to have a view into what is happening in these industrial control system networks."
Tsonchev is concerned about the level of protection that critical infrastructure firms have: "We've extended the same set of risks that we always faced traditionally in the normal copper networks into the heart of these industrial systems. So we've imported the same structural problems that we face in the rest of our network right into these functional areas.
"It's actually even worse than just in the normal network, because we've imported them into what is basically a 1990s network, because these industrial control system networks are antiquated, they typically have quite bad defences, and they're a hodge podge mix of different vendors and different solutions that have been built over the last 20-30 years."
A spokesperson for the UK's Department of Energy and Climate Change said protection for the electricity industry is in place: "The UK has one of the most reliable electricity systems in the world, with dedicated cyber experts and teams that help keep it protected."
That may well be the case, but that does not stop the threat to critical infrastructure being a very real one both here and elsewhere. The attack in Ukraine just brought home how real that threat is.