There but for the grace of God go – We

Wired released a story today on the hack of the Ukraine power grid last December 23.  This is the first time I have seen the “H” word (hack) used in anything close to being considered official.

The Wired article is based on a SANS Institute paper by investigators who were on the ground in Ukraine, scheduled to be released today.

One expert called the attack brilliant.

The hackers installed malware on the business network of Ukraine power companies, but that didn’t get them into the control rooms.  It did, however, get them into the domain controllers that held the VPN passwords the operators used to get into the control rooms remotely.

When they launched the attack, they took over control room computers and started opening up circuit breakers in different power plants, plunging hundreds of thousands of residents into the dark.

They overwrote firmware and shut down backup power systems so that workers had to go to the power plants to turn the power back on.  They even wiped the hard drives of the control room computers.

The good news is that there is less automation in Ukraine than in the U.S., so there are manual backups that allowed them to start getting lights back on in a few hours.

In the U.S., in some power generation systems, it is all automated.  If the automation goes down, they are down until they get the automation fixed.  Apparently in Ukraine, some of that automation is still not fixed 4 months later.  Think about being in the dark for 4 months.

The article goes on to provide more details and the SANS report will provide even more details, but here is the point.

Parts of Syria went dark this week.  Was it a hack?  I wouldn’t place bets on it not being one.

Could the same thing happen in the U.S.?  According to experts quoted in the article, some of the security in the Ukraine power plants is actually better than in some of the U.S. power plants.

So, the short answer is YES, it could happen here.

The other part of the story – the hackers were trying to fire a shot across the bow.  It could have been much worse.

U.S. critical infrastructure definitely has some interesting challenges.  Me – I am going to get my off-grid home ready.

Information for this article came from Wired.
