Weekly Executive Summary for Week of January 20, 2017

By Kimberly Matsumoto on January 20, 2017

Hacking Confirmed as Cause of Ukraine Power Plant Outage

On the night of December 17, 2016, Ukraine’s national power company Ukrenergo experienced a power outage that lasted for about an hour in the city of Kiev and the Kiev region.  Ukrenergo suspected that “external influences” had interfered with the normal operations of their systems and had their cybersecurity experts looking into the incident.  They confirmed this month, January 2016, that the outage was caused by a cyberattack.

Expert analysis indicated that it was a “planned and layered intrusion” using malware to remotely take control of their systems. They are continuing to piece together the timeline of events and to gather information on the points of entry that were used. This data will help Ukrenergo create measures to prevent future cyberattacks. It is suspected that multiple groups worked together and combined techniques to orchestrate the attack.

According to researchers at Information Systems Security Partners (ISSP), these attacks were similar to those in the previous year, December 2015, but showed a higher level of sophistication and organization. ISSP also feels that both the 2015 and 2016 attacks are connected, as well as other recent attacks on Ukraine’s state institutions. Booz Allen Hamilton published a report in October 2016 that detailed that the attacks on Ukraine’s energy grid were actually part of a long-running campaign. The targets of this campaign included Ukraine’s railway, media, mining and government sectors. Ukraine has accused Russia of being behind these cyberattacks. So far there is only circumstantial evidence that links the country to the attacks, but the objectives of the attackers seem to line up with Russian political goals. There are also indicators that a nation state is involved because of the amount of resources being used.

These attacks showcase the fact that no individual mitigation method will be sufficient to prevent a system from being compromised. Attackers used different methods until they were able to successfully penetrate the defenses and move on to the next. Because of this, the best strategy is to create a layered defense, or defense in depth. This involves ensuring that all layers of defense are cohesive and wide-reaching. Booz Allen Hamilton asserts that this method will prevent a single point of failure as well as increase the chance of detecting a network intruder.

Sources: Ukraine Power Company Confirms Hackers Caused Outage (SecurityWeek), Ukraine Accuses Russia of Hacking Power Companies (SecurityWeek), Ukraine power cut ‘was cyber-attack’ (BBC), When the Lights Went Out (Booz Allen Hamilton)

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community, we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu