Slashdot Mirror


Ukraine's Power Outage Was a Cyber Attack, Says Power Supplier (reuters.com)

A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday. From the report: When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine. Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station "North", were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters. "The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.

18 of 59 comments

  1. gee i wonder who by Anonymous Coward · · Score: 5, Funny

    Can't imagine which nation could possibly have a motive against Ukraine, especially one with a track record of cyber attacks and offensive maneuvers against Ukraine...

  2. Retards by Artem+S.+Tashkinov · · Score: 4, Insightful

    When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

    1. Re:Retards by geekmux · · Score: 3, Informative

      When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

      Not saying it necessarily was in this case, but if such a connection is justified, then there's no excuse for not mitigating that risk properly with an applicable security model.

      The answer is risk mitigation and management. If we unplugged everything that got hacked, nothing would be online.

    2. Re:Retards by Opportunist · · Score: 3, Interesting

      I'll remind you of this when the power goes down in your country.

      You'd probably be surprised just HOW vulnerable most of the world's critical infrastructure really is.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

    3. Re:Retards by bobbied · · Score: 3, Insightful

      When your power grid management interfaces are directly connected to the Internet you must suffer. There's no excuse for that.

      Not saying it necessarily was in this case, but if such a connection is justified, then there's no excuse for not mitigating that risk properly with an applicable security model.

      The answer is risk mitigation and management. If we unplugged everything that got hacked, nothing would be online.

      And WHY do you need the power grid online in the first place?

      About the only reason I can imagine you'd use the internet in a system designed for controlling the power grid is as a backup communications path for all those remote sites when your primary data path fails. However, you are an idiot if you don't use encrypted VPNs and some pretty restrictive firewalls in those cases.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101

    4. Re:Retards by Bob+the+Super+Hamste · · Score: 2

      You'd probably be surprised just HOW vulnerable most of the world's critical infrastructure really is.

      Concerning power grids, no I wouldn't, and people in the US and Canada would actually be surprised how well protected the bulk electrical system is here when compared to what is reported. Even small operators like to follow the security requirements that the large ones have to, even if they don't, as it does allow them to say that they are following the industry best practices, which is a good CYA from lawsuits. Other countries are a different story and vary greatly, but even those who hadn't cared much before are coming around after the Dec. 23, 2015 hack of the Ukrainian grid caused a lot of European companies to collectively shit themselves.

      I'll just leave a few things here for you. In the US and Canada those are either the regulations for cyber security of our power grid or specific requirements being written into contracts for new control systems for our power grid. All of them have to follow NERC CIP, with the other 2 being optional but widely used as a CYA. The Europeans do not have such requirements and it varies from country to country, but those that do have regulations are often very far behind even previous versions of NERC CIP. That is not to say that those make you secure, but they do offer a good start, and following any one of those documents would provide more security than the preferred PCI DSS standard that everyone outside of the power grid world thinks is great and the be all end all.

      --
      Time to offend someone

    5. Re:Retards by skids · · Score: 2

      All physical and RF ports, actually, not just USB, plus all unnecessary services not needed on the OOB management network you may or may not be lucky enough to have instead of VPNing over the internet. And you have to keep them locked down as you upgrade tens to hundreds of different operating systems across multiple vendors across multiple device hardware models. Which means thoroughly testing that the vendor didn't accidentally break the option setting that turns them off... if you were lucky enough to have it in the first place.

      People who are not in IT, or are in IT but have a nice monolithic setup where you have 2-3 server OSes, one monolithic datacenter top-of-rack OS/switch, and maybe an intelligent power strip and UPS in the mix and maybe a SAN or load balancer, have no idea what a challenge this actually is to accomplish in a large heterogeneous network that does a lot more than serve webpages, engage in HFT, or mine bitcoins.

    6. Re:Retards by ColdWetDog · · Score: 2

      Hah. Your puny wires, locks, boxes and security consultants are total fail.

      Forget cockroaches, Donald Trump and Madonna.

      It's small, furry rodents. All the way down. And Bob, you really should know about this.

      --
      Faster! Faster! Faster would be better!

    7. Re:Retards by ColdWetDog · · Score: 2

      Goddamnit. Slashdot, just when are you going to enter the wonderful world of editing.....

      small, furry rodent redux.

      --
      Faster! Faster! Faster would be better!

    8. Re:Retards by ColdWetDog · · Score: 2

      And it helps if you aren't trying to purify bomb-grade uranium.

      --
      Faster! Faster! Faster would be better!

    9. Re:Retards by Bob+the+Super+Hamste · · Score: 2

      Heck, it's also useful if you can connect to control it even when weather conditions make it too hazardous to travel on-site

      Operators have worked shifts that last longer than a day. If a storm is coming in very often the power company will put a second set of operators up in a hotel within walking distance (often just a couple hundred meters) so that they can rotate people in and out as needed. This would also hold for having a second set of operators at the backup site as well, so there would be 4 sets of operators ready to go in these cases.

      [1] You could do that with suitable VPNing over the public internet. That way you benefit from its extensive reach, its cheap price, its resilience, the rapid repair time that ISPs offer. All you need to build is a network connection from each of your grid nodes to the nearest internet.

      Not done in the US and not allowed by regulation.

      [2] Or you could do it with dedicated leased lines that aren't part of the internet. You'll pay a heck of a lot more, and loads of grid nodes won't have convenient connection.

      This is done but usually only between main and backup control centers.

      [3] Or you could put up your own network. (You're a power-grid so you're used to putting up networks!) But this isn't your core competence, will suffer from longer outages, and will be most expensive

      How do you think they are currently getting the data from substations and other devices. It isn't like DNP, Modbus, and ICCP haven't been around for ages and run just fine over the old serial connections that the power companies put in originally. Often they now have a serial to ethernet aggregators and then run just one line back but the power companies do know how to do this and do it well. For added redundancy you can also have microwave link from substations back to the control center which is often the case.

      Bear in mind that every subcontractor who prepares a bid using the public internet will produce a *LOWER* bid with *INCREASED* functionality. The only way that a higher-priced bid will ever win is if they somehow demonstrate that the downside costs (in terms of expected cost of future hacks) will be significantly larger than the higher upfront bid. And any such attempted demonstration would be instantly met by the answer "why not use just a secure VPN to get best robustness at the cheapest price?"

      Yes, a contractor could bid that and it may appeal to some of the dumber upper management at a grid operator. The problem is that there are smart people and regulations that would very quickly stamp that dumbness into the dirt. Bring up that doing so is a NERC CIP violation and carries a $1,000,000/day fine and you are talking real money real fast.

      So I think that infrastructure like this *can* and *should* be connected to the internet.

      Then it is a good thing that you don't work in that industry as that statement proves. You would have had that drilled out of you in your first NERC CIP annual training.

      --
      Time to offend someone
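
      The comment above describes substations reporting over DNP, Modbus and ICCP, increasingly through serial-to-Ethernet aggregators, and the article's Ukrenergo statement talks about SCADA systems being "influenced by external sources outside normal parameters". The following is an added example, not code from the Slashdot thread, from Ukrenergo or from any vendor: a small Python monitor that parses Modbus/TCP request frames as they would be seen on a span port in front of such an aggregator, and raises an alert for write commands from hosts or to unit ids that are not on an allow-list, for frames whose MBAP header is malformed, and for non-standard function codes. The MBAP layout and the public function codes come from the Modbus/TCP specification; the allow-list, the host addresses and all sample frames are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Modbus/TCP MBAP header: transaction id (2), protocol id (2, always 0),
# length (2, counts unit id + function code + payload), unit id (1).
MBAP_FORMAT = ">HHHB"
MBAP_SIZE = struct.calcsize(MBAP_FORMAT)  # 7 bytes

# Public function codes from the Modbus specification (subset).
FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}

# Constructed policy for this example: which master host may write to which unit ids.
WRITE_ALLOWLIST = {"10.20.0.5": {1, 2}}  # hypothetical SCADA master address


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    payload: bytes


def parse_modbus_tcp(data: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request frame; raise ValueError if it is malformed."""
    if len(data) < MBAP_SIZE + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(MBAP_FORMAT, data[:MBAP_SIZE])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    # The length field must equal unit id + function code + payload, i.e. frame size minus 6.
    if length != len(data) - 6:
        raise ValueError(f"length field {length} disagrees with frame size {len(data)}")
    return ModbusRequest(tid, unit, data[MBAP_SIZE], data[MBAP_SIZE + 1:])


def build_modbus_tcp(tid: int, unit: int, function: int, payload: bytes) -> bytes:
    """Encode a request frame; used here only to construct sample traffic."""
    header = struct.pack(MBAP_FORMAT, tid, 0, 2 + len(payload), unit)
    return header + bytes([function]) + payload


def check_request(src_ip: str, data: bytes, allowlist=WRITE_ALLOWLIST) -> list:
    """Return alert strings for one request frame travelling toward an outstation."""
    try:
        req = parse_modbus_tcp(data)
    except ValueError as err:
        return [f"malformed frame from {src_ip}: {err}"]
    fc = req.function_code
    name = FUNCTION_NAMES.get(fc, f"0x{fc:02x}")
    if fc in WRITE_FUNCTIONS:
        if req.unit_id not in allowlist.get(src_ip, set()):
            return [f"{name} to unit {req.unit_id} from {src_ip} not on write allow-list"]
    elif fc not in FUNCTION_NAMES:
        return [f"non-standard function code {name} from {src_ip}"]
    return []


def audit(traffic, allowlist=WRITE_ALLOWLIST) -> list:
    """Run check_request over (src_ip, frame) pairs and collect every alert."""
    alerts = []
    for src_ip, frame in traffic:
        alerts.extend(check_request(src_ip, frame, allowlist))
    return alerts


# Constructed sample traffic (not captured data): source address and raw frame.
SAMPLE_TRAFFIC = [
    ("10.20.0.5", build_modbus_tcp(1, 1, 3, b"\x00\x00\x00\x0a")),               # read 10 registers: fine
    ("10.20.0.5", build_modbus_tcp(2, 1, 6, b"\x00\x10\x00\x01")),               # allowed write
    ("203.0.113.7", build_modbus_tcp(3, 1, 5, b"\x00\x00\xff\x00")),             # coil ON from unknown host
    ("10.20.0.5", build_modbus_tcp(4, 3, 16, b"\x00\x00\x00\x01\x02\x00\x00")),  # write to unit not allowed
    ("10.20.0.5", build_modbus_tcp(5, 1, 0x5a, b"")),                            # non-standard function
    ("10.20.0.5", b"\x00\x06\x00\x00\x00\x02"),                                  # truncated frame
]

if __name__ == "__main__":
    for line in audit(SAMPLE_TRAFFIC):
        print("ALERT:", line)
```

      The monitor only looks at the request direction (frames heading to the outstation's Modbus port) and only at Modbus; responses, DNP3 and ICCP would each need their own parser. The allow-list keyed on source host and unit id is the point of the example: a read from anywhere is logged nowhere, but a write from a host that is not the known master, or to a unit the master never writes to, is exactly the "outside normal parameters" signal a defender wants surfaced.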
  3. Practice by surfdaddy · · Score: 4, Insightful

    Kill two birds with one stone - Russia aggravates the Ukraine, and also practices for what they could do to Europe and the US.

    1. Re:Practice by Oswald+McWeany · · Score: 2

      I'm sure if this were the Russian government then ALL the power stations would have gone down. The fact that only one went down suggests to me that it is some Russian nationalists with hacking skills and a nationalistic fire in their belly.

      Expect that if we go to war against Russia/China, all the lights will go off and communications will be disrupted in our country and theirs, at least initially.

      --
      "That's the way to do it" - Punch

  4. 330 KILOwatt? by Ungrounded+Lightning · · Score: 2

    ... 330 kilowatt sub-station ...

    That's either a typo or the Ukraine has a VERY wimpy power grid, to have a "substation" that small.

    330 kW is 440 HP, in the moderate-low range for a big rig's semitractor engine. In the US a typical household averages over a kilowatt 24/7, with peak hours higher. So a "substation" that small would serve a neighborhood of maybe a hundred houses or a bit more.

    In my Silicon Valley townhouse's neighborhood, built back in the '50s or so, we have over a hundred houses served by a single-phase "bank" - a parallel connection of three "pole pigs" spread out around the neighborhood, with their primaries and secondaries tied. It doesn't even rate an independent switch. (When a goose shorted and dropped a primary line they just disconnected the primaries to the segment containing the bank until it was fixed.) Several banks on each phase are tied together before you have enough load to rate actually installing a switch on the feed, several of those before it rates a remote-controlled switch, and several small towns (or a substantial factory) before it rates a "substation" - a fenced-off chunk of land with big box equipment.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way

    1. Re:330 KILOwatt? by pointybits · · Score: 4, Informative

      It is actually a 330/220/110 kV substation, with a capacity of around 472 MVA: http://wikimapia.org/19193860/... and http://ukrenergo.energy.gov.ua...

  5. There are legitimate use-cases... by mi · · Score: 2

    I've never been to a power-generating station, so my speculations are very general...

    Given: you wish to use computers to better manage the power-generation and distribution. Computers run software — either your own, or, more likely, commercial.

    Software requires perpetual maintenance — fixing bugs and improving. Most of today's software vendors — both external and internal to enterprises — publish updates online. Voila, your computers need access to the Internet to get it. It may not be direct access — you may be able to limit it only to certain subnets and protocols. But their need for such access is still legitimate.

    Even if you lock it all down and update only via a CD or a flash-card, you are still vulnerable. A hostile state can seduce, bribe, or blackmail whoever is supposed to carry the media. Russian prostitutes are the best in the world claims Vladimir Putin — while a hitherto unfuckable geek is getting the "girlfriend experience" of his life, her KGB-colleague can examine and subtly alter the files.

    You cannot eliminate such risk — you can only mitigate it...

    --
    In Soviet Washington the swamp drains you.

    1. Re: There are legitimate use-cases... by pixelpusher220 · · Score: 2

      These computers are beyond mission critical. It is entirely possible to update from a local source.

      Any even medium sized site will update via a designated update server so you aren't downloading the same update 500 times.

      And since your mission critical Machines aren't connected they don't need Adobe updates etc.

      --
      People in cars cause accidents....accidents in cars cause people :-D

    2. Re: There are legitimate use-cases... by mi · · Score: 2

      An online connected system is much more at risk than one needing an inside manual hand

      Is it? Why? I can imagine a number of scenarios, when it may be easier to corrupt a human being, than to break the security software and/or encryption keys...

      Mission critical should be air-gapped so that the risks can be reduced.

      Iran's nuclear centrifuges were air-gapped. It did not save them... Worse, it may have made the break-in easier, while making its detection and cleanup harder.

      --
      In Soviet Washington the swamp drains you.