
Enterprise IT Context for the CTO

Bob Gourley


The Attack We Have Long Predicted Just Occurred: Highly destructive cyber attacks drop a power grid

Bob Gourley

An article posted by the Ukrainian news service TSN reported that massive outages suffered in the country were caused by highly destructive malware that infected at least three regional power authorities in Ukraine. The site reported that the only way to restore power was to return to manual methods, something that may be hard to do in other nations (including the U.S.).

Ars Technica's reporting included information sourced from the highly regarded John Hultquist of iSIGHT Partners. Their reporting ("First known hacker-caused power outage signals troubling escalation") includes:

"It's a milestone because we've definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout," John Hultquist, head of iSIGHT's cyber espionage intelligence practice, told Ars. "It's the major scenario we've all been concerned about for so long."

Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by "BlackEnergy," a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable. More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems. The latest BlackEnergy also includes a backdoored secure shell (SSH) utility that gives attackers permanent access to infected computers.

Opinion: This type of attack has been predicted for years. It is the scenario that gave rise to scores of planning events and policy initiatives in the U.S., including the Clinton-era President's Commission on Critical Infrastructure Protection, which produced new constructs for helping the nation's privately run infrastructures think through ways to protect themselves and share information. Even so, until today some felt that a cyber attack capable of bringing down a power grid was very unlikely. Although intelligence professionals have gone on the record saying that our grids are being probed and that there are indications that some foreign states have placed logic bombs in portions of the grid, those warnings are not widely read and seem to be easily forgotten. The fact that a major attack has caused an outage like this should be considered in this context. This type of attack is a real scenario, and the threat of it must be mitigated.


Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publisher of CTOvision.com.