How Hackers Disabled Ukraine Power Grid: Lessons For U.S. And Europe

When hundreds of Ukrainians in the Ivano-Frankivsk region lost power two weeks ago, government officials blamed Russians for disrupting the utilities’ software and jamming their telephone lines to prevent customers from alerting anyone, Hacked reported. These claims evoked fears of a worst-case scenario coming to life.

However, cybersecurity researchers who investigated the power failure have since determined that the attack was not at the level that could undermine a major power grid in 15 minutes, according to Bloomberg.

Europe And U.S.: Tougher Targets

European and U.S. power grids are more automated and much tougher targets. To attack Manhattan’s power system, hackers would have to find flaws in systems that the utilities were not aware of.

Jason Larsen, a consultant at IOActive who specializes in industrial control systems, said the hacker destroyed at least 30 of Ukraine’s 135 power substations for approximately six hours. Cybersecurity companies investigating the hack said it occurred in two stages. Hackers first used malware to guide the utilities’ industrial control computers to disconnect the substations. They then added a wiper virus, disabling the computers.

Was Russia The Culprit?

Some of the companies investigating the hack said the Russians were behind it. The malware used, BlackEnergy3, is only associated with a group that researcher ISight Partners refers to as Sandworm. That group attacked the Ukrainian government and NATO in 2014.

John Hultquist, director of cyber espionage analysis at ISight, said Sandworm’s targets are definitely in line with Russia’s geopolitical interests.

In the Ukrainian hack, the hackers simply found the grid controls and executed a command that shut off the power. Older systems can be more susceptible to attacks like this, while modern industrial control software is more adept at recognizing and rejecting such commands, Larsen said.

While the Ukrainian power grid was more vulnerable to attack, it was also easier to repair than a successful attack against a U.S. or European power grid would be.

Lessons For U.S. And Europe

In Ukraine, utility workers were able to restore power by resetting circuit breakers manually at the substations. Hackers capable of disrupting New York’s power plant software would most likely need to bypass safety mechanisms to run a transformer or generator hotter than usual, which would damage the equipment. Michael Assante, the former chief security officer at the nonprofit North American Electric Reliability, said such an action would keep a substation disabled for days or weeks.

Hackers could have targeted Ukraine’s power grid for the same reason that NATO jets bombed Serbian power plants in 1999, which was to alarm citizens by showing that their government was unable to keep the lights on. The hackers could have viewed the attack as retaliation for sabotage that caused a blackout in Kremlin-controlled Crimea in November. The saboteurs used explosives to destroy pylons and then attacked repair workers, causing a blackout for 1.2 million people for days.

The bottom line is that Ukraine’s aging systems make its grid easier to hack but also easier to repair in a matter of hours. A successful attack in the U.S. could last for weeks.

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.