Slashdot Mirror


Ukraine's Power Outage Was a Cyber Attack, Says Power Supplier (reuters.com)

A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday. From the report: When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine. Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station "North", were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters. "The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.

59 comments

  1. gee i wonder who by Anonymous Coward · · Score: 5, Funny

    Can't imagine which nation could possibly have a motive against Ukraine, especially one with a track record of cyber attacks and offensive maneuvers against Ukraine...

    1. Re:gee i wonder who by Anonymous Coward · · Score: 0

      Moscow sent in hookers to pee on a Ukrainian workstation. True story.

    2. Re:gee i wonder who by Anonymous Coward · · Score: 0

      Stop trying to blame Moldova, bro.

    3. Re:gee i wonder who by deKernel · · Score: 1

      Obligatory quote from one of the greatest movies of all time!

      https://www.youtube.com/watch?...

    4. Re:gee i wonder who by unixisc · · Score: 1

      Can't imagine which nation could possibly have a motive against Ukraine, especially one with a track record of cyber attacks and offensive maneuvers against Ukraine...

      So what exactly does Julian Assange have against Kyiv?

    5. Re:gee i wonder who by Anonymous Coward · · Score: 1

      What are you insinuating, that Hillary Clinton's secret child-pizza ring is ALSO a 1337 hacker corps destabilizing Eastern Europe? I KNEW IT! To the Breitmobile!

    6. Re:gee i wonder who by Anonymous Coward · · Score: 0

      Can't imagine which nation could possibly have a motive against Ukraine, especially one with a track record of cyber attacks and offensive maneuvers against Ukraine...

      It is much simpler, bro. Ukraine broke its own infrastructure with the help of hackers from the Maldives in order to smear the good name of the Russian Federation within the international community.

    7. Re: gee i wonder who by Anonymous Coward · · Score: 0

      Most nations in the Balkans, Central, and Eastern Europe have various reasons for disliking Ukraine. It is an extremely corrupt country run by mobs, and now also US puppets. For example, there were a few times when they decided to hold natural gas pipelines from Russia hostage in the middle of winter, letting the countries who relied on the gas for heat and energy freeze, basically blackmailing them. In fact, the only president who seemed fair and started turning things around for the better was the democratically elected president who was ousted by the CIA psy-op revolution a few years ago.

    8. Re:gee i wonder who by gravewax · · Score: 1

      The US?

    9. Re: gee i wonder who by mnemotronic · · Score: 1

      Funniest comment of 2017 (so far)

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
    10. Re: gee i wonder who by mnemotronic · · Score: 1

      More cowbell.

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
    11. Re: gee i wonder who by Anonymous Coward · · Score: 0

      Hi igor, is that you?

  2. Retards by Artem+S.+Tashkinov · · Score: 4, Insightful

    When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

    1. Re:Retards by geekmux · · Score: 3, Informative

      When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

      Not saying it necessarily was in this case, but if such a connection is justified, then there's no excuse for not mitigating that risk properly with an applicable security model.

      The answer is risk mitigation and management. If we unplugged everything that got hacked, nothing would be online.

    2. Re:Retards by Opportunist · · Score: 3, Interesting

      I'll remind you of this when the power goes down in your country.

      You'd probably be surprised just HOW vulnerable most of the world's critical infrastructure really is.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Retards by Anonymous Coward · · Score: 1

      As the Stuxnet example shows, it isn't simply a matter of direct connections to the Internet.

      And if you want to run a power grid, connecting your systems is going to happen. It's imprudent to act otherwise.

    4. Re:Retards by Anonymous Coward · · Score: 0

      If we unplugged everything that got hacked, nothing would be online.

      You say that like it's a bad thing.

    5. Re:Retards by bobbied · · Score: 3, Insightful

      When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

      Not saying it necessarily was in this case, but if such a connection is justified, then there's no excuse for not mitigating that risk properly with an applicable security model.

      The answer is risk mitigation and management. If we unplugged everything that got hacked, nothing would be online.

      And WHY do you need the power grid online in the first place?

      About the only reason I can imagine you'd use the internet in a system designed for controlling the power grid is as a backup communications path for all those remote sites when your primary data path fails. However, you are an idiot if you don't use encrypted VPNs and some pretty restrictive firewalls in those cases.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    6. Re:Retards by Anonymous Coward · · Score: 0

      > As the Stuxnet example shows, it isn't simply a matter of direct connections to the Internet.

      Right, you also have to lock down your USB ports so that people don't put strange USB sticks into the computers.

    7. Re:Retards by Anonymous Coward · · Score: 0

      It's so your Amazon Alexa can order more toilet paper at the power plant... duh.

    8. Re:Retards by geekmux · · Score: 1

      If we unplugged everything that got hacked, nothing would be online.

      You say that like it's a bad thing.

      Believe me in many ways it would be nice to revert back to a sane security model of keeping shit offline.

      Unfortunately you first have to convince the marketeers and investors who have turned "online" into a pot o' gold valued in the trillions.

    9. Re:Retards by Anonymous Coward · · Score: 0

      And WHY do you need the power grid online in the first place?

      Well, that's a stupid question.

      No, really, it is, because you aren't specifying what you mean by having the power grid online.

      The power grid itself IS literally online, it is a network in itself. That's the result of not having all point-of-delivery power generation. Been that way for a while.

      Now it's getting more complicated, with computers, and systems, that talk to each other, in order to manage the system better.

      Now you might say they did things without all sorts of sophisticated computers once, why not again? Because that'd be more inefficient, and less effective.

      So yeah, you are going to network your grid management systems now.

    10. Re: Retards by Anonymous Coward · · Score: 0

      You don't have to convince marketers. You just need to send them home without pay. It's a self-extinguishing problem.

    11. Re:Retards by Bob+the+Super+Hamste · · Score: 2

      You'd probably be surprised just HOW vulnerable most of the world's critical infrastructure really is.

      Concerning power grids, no I wouldn't, and people in the US and Canada would actually be surprised how well protected the bulk electrical system is here when compared to what is reported. Even small operators like to follow the security requirements that the large ones have to, even if they don't have to, as it does allow them to say that they are following the industry best practices, which is a good CYA from lawsuits. Other countries are a different story and vary greatly, but even those who hadn't cared much before are coming around after the Dec. 23, 2015 hack of the Ukrainian grid caused a lot of European companies to collectively shit themselves.

      I'll just leave a few things here for you. In the US and Canada those are either the regulations for cyber security of our power grid or specific requirements being written into contracts for new control systems for our power grid. All of them have to follow NERC CIP, with the other 2 being optional but widely used as a CYA. The Europeans do not have such requirements and it varies from country to country, but those that do have regulations are often very far behind even previous versions of NERC CIP. That is not to say that those make you secure, but they do offer a good start, and following any one of those documents would provide more security than the preferred PCI DSS standard that everyone outside of the power grid world thinks is great and the be-all end-all.

      --
      Time to offend someone
    12. Re:Retards by skids · · Score: 2

      All physical and RF ports, actually, not just USB, plus all unnecessary services not needed on the OOB management network you may or may not be lucky enough to have instead of VPNing over the internet. And you have to keep them locked down as you upgrade tens to hundreds of different operating systems across multiple vendors across multiple device hardware models. Which means thoroughly testing that the vendor didn't accidentally break the option setting that turns them off... if you were lucky enough to have it in the first place.

      People who are not in IT, or are in IT but have a nice monolithic setup where you have 2-3 server OSes, one monolithic datacenter top-of-rack OS/switch, and maybe an intelligent power strip and UPS in the mix and maybe a SAN or load balancer, have no idea what a challenge this actually is to accomplish in a large heterogeneous network that does a lot more than serve webpages, engage in HFT, or mine bitcoins.

    13. Re:Retards by Anonymous Coward · · Score: 0

      Well, in the case of the power grid you would need to disable everything that allows management of the power grid from a central unit.
      That in turn will make the power grid more vulnerable to other issues.

      It's like trying to secure your webserver by disconnecting it from the net.
      The server will be secure but it won't work as you want.

    14. Re: Retards by Anonymous Coward · · Score: 0

      Especially to squirrels !!!

    15. Re:Retards by ColdWetDog · · Score: 2

      Hah. Your puny wires, locks, boxes and security consultants are total fail.

      Forget cockroaches, Donald Trump and Madonna.

      It's small, furry rodents. All the way down. And Bob, you really should know about this.

      --
      Faster! Faster! Faster would be better!
    16. Re:Retards by ColdWetDog · · Score: 2

      Goddamnit. Slashdot, just when are you going to enter the wonderful world of editing.....

      small, furry rodent redux.

      --
      Faster! Faster! Faster would be better!
    17. Re:Retards by ColdWetDog · · Score: 2

      And it helps if you aren't trying to purify bomb-grade uranium.

      --
      Faster! Faster! Faster would be better!
    18. Re:Retards by ljw1004 · · Score: 1

      When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

      There are plenty of good reasons. You're being extreme.

      The grid management has to be connected to *some* network. That's so you can monitor the health of the grid from a central location, and coordinate a distributed response to events. (Heck, it's also useful if you can connect to control it even when weather conditions make it too hazardous to travel on-site).

      [1] You could do that with suitable VPNing over the public internet. That way you benefit from its extensive reach, its cheap price, its resilience, the rapid repair time that ISPs offer. All you need to build is a network connection from each of your grid nodes to the nearest internet.

      [2] Or you could do it with dedicated leased lines that aren't part of the internet. You'll pay a heck of a lot more, and loads of grid nodes won't have convenient connection.

      [3] Or you could put up your own network. (You're a power-grid so you're used to putting up networks!) But this isn't your core competence, will suffer from longer outages, and will be most expensive.

      Bear in mind that every subcontractor who prepares a bid using the public internet will produce a *LOWER* bid with *INCREASED* functionality. The only way that a higher-priced bid will ever win is if someone demonstrates that the downside costs (in terms of expected cost of future hacks) will be significantly larger than the higher upfront bid. And any such attempted demonstration would be instantly met by the answer "why not just use a secure VPN to get the best robustness at the cheapest price?"

      So I think that infrastructure like this *can* and *should* be connected to the internet.

    19. Re:Retards by Bob+the+Super+Hamste · · Score: 2

      Heck, it's also useful if you can connect to control it even when weather conditions make it too hazardous to travel on-site

      Operators have worked shifts that last longer than a day. If a storm is coming in very often the power company will put a second set of operators up in a hotel within walking distance (often just a couple hundred meters) so that they can rotate people in and out as needed. This would also hold for having a second set of operators at the backup site as well, so there would be 4 sets of operators ready to go in these cases.

      [1] You could do that with suitable VPNing over the public internet. That way you benefit from its extensive reach, its cheap price, its resilience, the rapid repair time that ISPs offer. All you need to build is a network connection from each of your grid nodes to the nearest internet.

      Not done in the US and not allowed by regulation.

      [2] Or you could do it with dedicated leased lines that aren't part of the internet. You'll pay a heck of a lot more, and loads of grid nodes won't have convenient connection.

      This is done but usually only between main and backup control centers.

      [3] Or you could put up your own network. (You're a power-grid so you're used to putting up networks!) But this isn't your core competence, will suffer from longer outages, and will be most expensive.

      How do you think they are currently getting the data from substations and other devices? It isn't like DNP, Modbus, and ICCP haven't been around for ages and run just fine over the old serial connections that the power companies put in originally. Often they now have serial-to-ethernet aggregators and then run just one line back, but the power companies do know how to do this and do it well. For added redundancy you can also have a microwave link from substations back to the control center, which is often the case.

      Bear in mind that every subcontractor who prepares a bid using the public internet will produce a *LOWER* bid with *INCREASED* functionality. The only way that a higher-priced bid will ever win is if someone demonstrates that the downside costs (in terms of expected cost of future hacks) will be significantly larger than the higher upfront bid. And any such attempted demonstration would be instantly met by the answer "why not just use a secure VPN to get the best robustness at the cheapest price?"

      Yes, a contractor could bid that, and it may appeal to some of the dumber upper management at a grid operator. The problem is that there are smart people and regulations that would very quickly stamp that dumbness into the dirt. Bring up that doing so is a NERC CIP violation and carries a $1,000,000/day fine and you are talking real money real fast.

      So I think that infrastructure like this *can* and *should* be connected to the internet.

      Then it is a good thing that you don't work in that industry as that statement proves. You would have had that drilled out of you in your first NERC CIP annual training.

      --
      Time to offend someone
    20. Re: Retards by mnemotronic · · Score: 1

      Many thanks for the link. I thought that when the head of the NSA said "squirrels", it was a metaphor or sekret code word. Not so. Now I'm worried about jellyfish. We get a lot of outages in rural Colorado. I'm going on the hunt for giant electricity-sucking alien jellyfishes hovering above high tension towers.

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  3. Don't worry, komrades by Anonymous Coward · · Score: 0, Troll

    President-Elect Trump has assured us that Russia has nothing to do with it.

  4. Practice by surfdaddy · · Score: 4, Insightful

    Kill two birds with one stone - Russia aggravates the Ukraine, and also practices for what they could do to Europe and the US.

    1. Re:Practice by Oswald+McWeany · · Score: 2

      I'm sure if this were the Russian government then ALL the power stations would have gone down. The fact that only one went down suggests to me that it is some Russian nationalists with hacking skills and a nationalistic fire in their belly.

      Expect if we go to war against Russia/China all the lights will go off and communications will be disrupted in our country and theirs- at least initially.

      --
      "That's the way to do it" - Punch
    2. Re:Practice by Anonymous Coward · · Score: 0

      In this case I think it was the US doing the practising. I mean, if we're pulling names of countries out of our asses. Or maybe New Zealand - they are suspiciously close to communism over there.

    3. Re:Practice by skids · · Score: 1

      The advantage of having enemies with soft IT targets is you get to practice your cyber attacks and hone your skills with little downside risk that you are exposing your capabilities.

      The U.S. has (at least up to now, we'll see) had some level of ethics preventing them from instigating territorial aggressions or just callously using small countries as target practice, and unlike traditional military where you can make a show of strength just by holding a parade, in cyber you'd be a fool to show off for fear of allowing adversaries to see your weapons and build defenses for them.

    4. Re:Practice by Anonymous Coward · · Score: 0

      Why would they, even? If Russia wanted to hit the infrastructure in Ukraine they could shut down the gas pipelines... legally.

      Thanks again though, for this news. I love these "Russia did it" news, that just shows how full of idiots the world is. Always amusing.

  5. 330 KILOwatt? by Ungrounded+Lightning · · Score: 2

    ... 330 kilowatt sub-station ...

    That's either a typo or the Ukraine has a VERY wimpy power grid, to have a "substation" that small.

    330 kW is 440 HP, in the moderate-low range for a big rig's semitractor engine. In the US a typical household averages over a kilowatt 24/7, with peak hours higher. So a "substation" that small would serve a neighborhood of maybe a hundred houses or a bit more.

    In my Silicon Valley townhouse's neighborhood, built back in the '50s or so, we have over a hundred houses served by a single-phase "bank" - a parallel connection of three "pole pigs" spread out around the neighborhood, with their primaries and secondaries tied. It doesn't even rate an independent switch. (When a goose shorted and dropped a primary line they just disconnected the primaries to the segment containing the bank until it was fixed.) Several banks on each phase are tied together before you have enough load to rate actually installing a switch on the feed, several of those before it rates a remote-controlled switch, and several small towns (or a substantial factory) before it rates a "substation" - a fenced-off chunk of land with big box equipment.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:330 KILOwatt? by orgelspieler · · Score: 1

      Clearly a typo. Must be megawatts. 330kW is a moderate pole transformer, like you said. Hell, one of my shops uses over a MW peak, and it's on pole mounted transformers.

    2. Re:330 KILOwatt? by pointybits · · Score: 4, Informative

      It is actually a 330/220/110 kV substation, with a capacity of around 472 MVA: http://wikimapia.org/19193860/... and http://ukrenergo.energy.gov.ua...

  6. Attack of "The Cyber" by monk · · Score: 0

    They're going to need to call in a real expert for this one: http://www.gocomics.com/tomthe...

    --
    [-- Trust the Monkey --]
  7. Not a very big power station... by Anonymous Coward · · Score: 1

    Cyber attacks are dangerous, and security is important, but this is a very small power station...

    At my utility in Canada, we budget approximately 5-6kW of load per household/apartment... In Ukraine, due to socioeconomic conditions, I might reduce the estimated power consumption to 3-4kW per household to account for less electronics, etc...

    Therefore, the number of customer households out of power is approximately 330 / 3 = 110...

    If the power consumption actually is closer to our North American number of 5-6kW due to old or inefficient appliances, then the number of customers out of power is approximately 330 / 5 = 66.

    Residentially speaking, this is probably the equivalent of a large apartment complex, or a few smaller ones... Not very large scale attack...

    1. Re:Not a very big power station... by Anonymous Coward · · Score: 0

      So? The hackers are practicing by starting small. It's even smart, in a sinister kind of way.

      Wait until the attacks get big. Wait until the attackers get bold. They will come for us next.

  8. Re:Who did the investigating? by Anonymous Coward · · Score: 0

    They had cyber security expert Rudy "noun, verb, 9/11" Giuliani investigate.

  9. err by Anonymous Coward · · Score: 0

    Should that not be 33.0 megawatts, not 330 kilowatts? That's a tiny little factory-size unit; any system that can be forced to entirely trip out by the loss of such a tiny unit needs serious looking at.

  10. soon there will be kids going... by Anonymous Coward · · Score: 1, Funny

    the russians ate my homework!!!

  11. Yawn by Anonymous Coward · · Score: 0

    This news would tend to make us complacent. This is the best a hacker can do? We are supposed to be afraid of Russian cyber warfare now and spend billions of dollars to fight this terrible horror? The story is that the power went out for a little while because of a hacker in the Ukraine. After the power is back on, did it really matter? The power goes out all of the time due to animals, accidents, weather, etc. This isn't the type of war fighting capability that we should fear. I think we should be more afraid of underwater drones that can launch hypersonic nuclear weapons.

  12. There are legitimate use-cases... by mi · · Score: 2

    I've never been to a power-generating station, so my speculations are very general...

    Given: you wish to use computers to better manage the power-generation and distribution. Computers run software — either your own, or, more likely, commercial.

    Software requires perpetual maintenance — fixing bugs and improving. Most of today's software vendors — both external and internal to enterprises — publish updates online. Voila, your computers need access to the Internet to get it. It may not be direct access — you may be able to limit it only to certain subnets and protocols. But their need for such access is still legitimate.

    Even if you lock it all down and update only via a CD or a flash-card, you are still vulnerable. A hostile state can seduce, bribe, or blackmail whoever is supposed to carry the media. Russian prostitutes are the best in the world claims Vladimir Putin — while a hitherto unfuckable geek is getting the "girlfriend experience" of his life, her KGB-colleague can examine and subtly alter the files.

    You cannot eliminate such risk — you can only mitigate it...

    --
    In Soviet Washington the swamp drains you.
    1. Re: There are legitimate use-cases... by pixelpusher220 · · Score: 2

      These computers are beyond mission critical. It is entirely possible to update from a local source.

      Any even medium sized site will update via a designated update server so you aren't downloading the same update 500 times.

      And since your mission critical machines aren't connected they don't need Adobe updates etc.

      --
      People in cars cause accidents....accidents in cars cause people :-D
    2. Re: There are legitimate use-cases... by mi · · Score: 1

      The uranium-weaponization machinery in Iran was only more "mission critical" than a city's civilian power grid. And yet, Israelis/Americans managed to infect it anyway.

      It is entirely possible to update from a local source.

      From where would that local source obtain the files? The answer is: from the outside.

      Whether you are connected to that outside via wires or sneakernet is not even relevant — all such connections are corruptible... A human being may be harder to corrupt, but not impossible. A dedicated adversary — and Russia certainly is one such — can do it.

      --
      In Soviet Washington the swamp drains you.
    3. Re: There are legitimate use-cases... by pixelpusher220 · · Score: 1

      It's ENTIRELY relevant to risk mitigation.

      An online connected system is much more at risk than one needing an inside manual hand. It's why air-gap networks exist.

      Mission critical should be air-gapped so that the risks can be reduced.

      Updates are only applied after scanning and deployment in test systems, period.

      Are you going to stop everything? Of course not, but you'll stop a damned lot more than with internet connected mission critical computers.

      --
      People in cars cause accidents....accidents in cars cause people :-D
    4. Re: There are legitimate use-cases... by mi · · Score: 2

      An online connected system is much more at risk than one needing an inside manual hand

      Is it? Why? I can imagine a number of scenarios, when it may be easier to corrupt a human being, than to break the security software and/or encryption keys...

      Mission critical should be air-gapped so that the risks can be reduced.

      Iran's nuclear centrifuges were air-gapped. It did not save them... Worse, it may have made the break-in easier, while making its detection and cleanup harder.

      --
      In Soviet Washington the swamp drains you.
  13. America strikes again by Anonymous Coward · · Score: 0

    It looks like the US is stirring up crap again in Ukraine by knocking out their power.

  14. Zero evidence as usual by Anonymous Coward · · Score: 0

    Just a bunch of unsubstantiated claims designed to make you think:

    1. The outage is not the maintenance company's fault (which it usually is)
    2. Ukraine is an innocent victim that needs more support (money, visa-free travel, etc)