Ukraine disables remote management systems after suspected energy hack

News by Rene Millman

If the recent power outage were the result of a cyber-attack, it would be the second time Ukraine's energy systems had been hacked.

Hackers are suspected of causing a power outage in Ukraine that left northern parts of Kyiv (Kiev), the capital, without power for over an hour. If confirmed, it would be the second time in a year that an attack has left the country without power.

According to statements from Ukrenergo, a Ukrainian energy company, the most recent power outage took place on Saturday and has led to the company disabling remote management systems.

"Among the possible causes of failure are considered hacking and equipment malfunction (crashes)," said Ukrenergo in a statement. “Police were involved and conducted a thorough investigation into the accident.”

Ukraine has claimed Russian interference with its cyber systems before, including in January 2016 when it accused its former USSR partner of hacking a server at the Boryspil airport, which accounts for 65 percent of the nation's air traffic.

Ukraine adopted a new cyber-security strategy in March 2016 and pledged it would no longer buy Russian software.

In a Facebook posting, Vsevolod Kovalchuk, Ukrenergo acting director, said that power was restored to customers 45 minutes after personnel switched equipment from automatic to manual mode, just 75 minutes after the lights went out in customer homes.

He said one suspected cause was an "external interference through the data network" which led the firm's IT security team to look into the cause of the outage.

"Until the end of the official investigation of the accident, management of all Ukrenergo facilities with automatic control systems has been transferred to a local level," the company said in a further statement to local news wires.

Kovalchuk told Reuters that the outage was around 200 megawatts of capacity, nearly one-fifth of Kyiv's energy consumption at night.

"There are no final conclusions yet about what it was, but experts say that this was something new and they have not encountered this before," Kovalchuk said.

Ukrainian intelligence agencies have also joined the investigation. Last December, the country's energy infrastructure was hit by a hack that left 225,000 people without power. Attackers used BlackEnergy and KillDisk to compromise networks and put systems out of action.

The past month has also seen government websites in the country hit by hacking. Ukraine's Finance and Defense Ministries and the state treasury have been affected. Ukraine's state security service blamed Russia for the attacks.

Moreno Carullo, co-founder and chief technical officer at Nozomi Networks, told SC Media UK that substations have long been considered a weak point, with respect to cyber-security, due to their remote location making them difficult to manage and monitor for disruptions.

“While some are completely disconnected, and are therefore considered safe from cyber-attack, others form part of a Smart Grid which means they are part of a fully connected series of systems to allow for improved efficiency of the power grid. However, with Smart Grid connectivity comes increased vulnerability to cyber-attacks due to the connected nature of the entire grid,” he said.

Alex Mathews, lead security evangelist at Positive Technologies, told SC that the chances of a successful cyber-attack on power grids are growing in the modern world due to the internet.

“According to our research, building automation and energy management systems are the most common among all the industrial control systems that could be reached via Internet in 2016. And only two-thirds of these online-available systems can be called ‘secure’. The rest – every third system! – is hackable,” he said.

Chris Dye, VP communications at Glasswall Solutions, told SC that it could be considered that countries such as Ukraine are being used as the testing ground for critical national infrastructure attacks. “Perhaps [they are] seen as less sophisticated in terms of their ability to prevent such an attack, so techniques to breach the power network are being honed for future attacks in other regions?” he suggested.
