A Kiev power outage last weekend in Ukraine has been linked to a cyber attack, which is worryingly similar to an attack that happened around the same time last year.
Sub-stations and transmission stations have always been a weak point for nation-state attacks as EVERYTHING relies on them now. Plus with smart grids and remotely controlled stations, the attack surface for such utilities is increasing year by year.
A cyber attack is suspected in connection with an outage of the Ukrainian power grid that affected homes around Kiev last weekend.
A substation in Pivnichna was cut off from the main power grid for about 75 minutes late on Saturday 17 December, lasting into the early hours of Sunday. As a result, houses and flats of the right bank district of Kiev* and neighbouring areas lost power.
Ukrenergo, a Ukrainian energy provider, said that “hacker attack and equipment failure are among the possible causes for the power failures”, according to local reports.
Moreno Carullo, co-founder and chief technical officer at Nozomi Networks, said, “These reports are reminiscent of an attack experienced at a similar time last December that left 225,000 Ukrainians cold at Christmas. Worryingly, if this does prove to be another cyberattack on the Ukrainian grid, it sets an uncomfortable precedent that similar attacks may occur annually at this time of year.”
The recent outage appears to centre at a transmission substation. These are used to transport electricity over long distances, with its primary function to raise/lower and control the voltage, provide power factor correction to protect from overloads, and perform checks to synchronise power flow between two adjacent power systems. A distribution substation is then used, closer to cities, to carry electricity to users.
“All this equipment (the transmission and the primary distribution substations) are automated and remotely controlled, while smaller ones maybe electro-mechanically operated and are certainly unsupervised,” according to Carullo.
It seems a lot of these stations are pretty old and if they are connected to the Internet (which they seem to be), it’s been retro-fitted. Sadly when such things happen security is rarely a concern or even something discussed.
If they connect their remote control software, it works – and that’s usually the end of that.
“Substations have long been considered a weak point, with respect to cybersecurity, due to their remote location making them difficult to manage and monitor for disruptions. While some are completely disconnected, and are therefore considered safe from cyberattack, others form part of a Smart Grid which means they are part of a fully connected series of systems to allow for improved efficiency of the power grid. However, with Smart Grid connectivity comes increased vulnerability to cyberattacks due to the connected nature of the entire grid,” he added.
A hacker who gains access to internet-connected control panels might be able to disable inverters and fire alarms, triggering blackouts and equipment damage to many households in one time. If hackers did attack Kiev’s power grid – something that’s still the subject of investigation – then Russia will almost inevitably become the chief suspect, given recent (unresolved) conflicts between the two countries.
Alex Mathews, lead security evangelist at Positive Technologies, remains unconvinced that hackers caused the latest power outage in the Ukraine. Equipment failure can’t be ruled out as a cause, he pointed out.
“Power outages in winter time is a pretty common story for ex-USSR territories where the power equipment is old, so it can shut down when people use too many electric heaters, lamps and other appliances,” Mathews said. “Such power outages happen every year, even in big cities like Moscow, Petersburg and Kiev.”
The temperature in Kiev on the day ranged from a -1˚C maximum and a -9˚C minimum.
Let’s hope this isn’t a trend and citizens of Ukraine can avoid getting a nasty shock like this each December in the coldest period of the year.
You also can’t rule out nation-state attacks just testing the resources and reaction times of Ukraine (possibly Russian?).
Source: The Register