Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ukraine's Power Outage Was a Cyber Attack, Says Power Supplier (reuters.com)

Posted by msmash on from the sophisticated-hacks dept.

A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday. From the report: When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine. Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station "North", were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters. "The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.

3 of 59 comments (clear)

  1. Retards by Artem+S.+Tashkinov · · Score: 4, Insightful

    When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

    1. Re:Retards by bobbied · · Score: 3, Insightful

      When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

      Not saying it necessarily was in this case, but if such a connection is justified, then there's no excuse for not mitigating that risk properly with an applicable security model.

      The answer is risk mitigation and management. If we unplugged everything that got hacked, nothing would be online.

      And WHY do you need the power grid online in the first place?

      About the only reason can imagine you'd use the internet in a system designed for controlling the power grid is as a backup communications path for all those remote sites when your primary data path fails. However, you are an idiot if you don't use encrypted VPN's and some pretty restrictive firewalls in those cases.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  2. Practice by surfdaddy · · Score: 4, Insightful

    Kill two birds with one stone - Russia aggravates the Ukraine, and also practices for what they could do to Europe and the US.