Pages

23 December 2016

Ukraine Investigates Suspected Cyberattack on


Ukraine is investigating a suspected cyberattack on Kyiv's power grid over the weekend, the latest in a series of strikes on its energy and financial infrastructure, the head of the state-run power distributor said on Tuesday.

Vsevolod Kovalchuk, acting chief director of Ukrenergo, told Reuters that a power distribution station near Kyiv unexpectedly switched off early on Sunday, leaving the northern part of the capital without electricity.

It comes after a Ukrainian security chief said last week that Ukraine needed to beef up its cyber defenses, citing a spate of attacks on government websites that he said originated in Russia.

Kovalchuk said the outage amounted to 200 megawatts of capacity, equivalent to about a fifth of the capital's energy consumption at night.

"That is a lot. This kind of blackout is very, very rare," Kovalchuk told Reuters by phone. He said there were only two possible explanations for the incident: either a hardware failure or external interference.

The company's IT specialists had found transmission data that had not been included in standard protocols, suggesting that external interference was the likeliest scenario.

Something new

Over the past month, Ukraine's Finance and Defense Ministries and the state treasury have said their websites had been temporarily downed by attacks aimed at disrupting their operations.

Kovalchuk said Ukraine's state security service had joined the investigation. "There are no final conclusions yet about what it was, but experts say that this was something new and they have not encountered this before," Kovalchuk said.

Last December, another Ukrainian regional power company

Prykarpattyaoblenergo reported an outage, saying the area affected included the regional capital Ivano-Frankivsk.

Ukraine's state security service blamed Russia.

Experts widely described that incident as the first known power outage caused by a cyberattack. The U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as "Sandworm."

They said power distributors had ignored their own security rules by allowing critical computers to be hooked up to the Internet when they should have been kept within an internal network.

No comments:

Post a Comment