Cyber Attack is Confirmed as Cause of Ukraine's Power Grid Blackout

January 14, 2016

  By Joe Rizzo, Contributing Writer

A few days before this past Christmas, on December 23, the area around the Ukrainian regional capital city of Ivano-Frankivsk was hit by what was believed to be a cyber attack. The result was a power outage that affected more than 700,000 western Ukrainians. Several security firms, including the American firm iSight Partners, suspected that a cyber attack had caused the power grid to go dark.


After cyber experts at SANS Industrial Control Systems (ICS) conducted a detailed analysis, they confirmed that the outage was a "coordinated intentional attack." As mentioned in an Ars Technica article, Michael Assante, director of SANS ICS, commented that "After analyzing the information that has been made available by affected power companies, researchers and the media, it is clear that cyber attacks were directly responsible for power outages in Ukraine. We assess with high confidence based on company statements, media reports and first-hand analysis that the incident was due to a coordinated intentional attack."

It is believed that this was a three-pronged cyber attack. The first phase gave the hackers access to the power company systems, which allowed them to open circuit breakers, effectively cutting off the power. The next phase was to use a wiper utility known as KillDisk, designed to prevent any efforts to recover from the attack. The final phase was a denial-of-service (DoS) attack on the phone systems, which prevented power company personnel from receiving customer reports of outages.

It was originally thought that a malware tool known as BlackEnergy with the KillDisk component was the culprit, but Assante said, "Malware likely enabled the attack. There was an intentional attack, but the KillDisk component itself did not cause the outage."

In a blog posting, iSight Partners’ director of cyber espionage analysis, John Hultquist, attributed the hack to a Russian hacking group known as the Sandworm Team. He wrote, "We have linked Sandworm Team to the incident, principally based on BlackEnergy 3, the malware that has become their calling card."

There is still no real confirmation as to what group initiated the cyber attack and many of the details concerning the event remain unknown. Due to the nature of the incident, especially the use of destructive malware, it is unlikely that every detail of the operation will be exposed.

It is evident that these days nature is not the only cause of power outages. Regardless of whether a fallen tree branch or a cyber attack knocks out power, we live in a time when protecting your data and equipment is essential. There is no doubt that a solid backup policy is a crucial component to remaining secure.




Edited by Rory J. Thompson