News broke today that power firms around the world are being warned about how to spot if they are being targeted by hackers who shut down parts of Ukraine’s electricity grid. The warnings have emerged from analysis of the malware used in an attack in Ukraine in December, which left about 230,000 people without power for hours after substations were shut down via implanted malware. IT security experts from Nozomi Networks and Tripwire commented below.
Andrea Carcano, Co-Founder & Chief Product Officer at Nozomi Networks:
“Operators of industrial control systems need the ability to automatically identify potential issues in real-time – whatever is the underlying cause, to speed the investigation of incidents and ultimately contain attacks or system failures before significant damage can occur. However, the advanced malware employs industrial communication protocols used worldwide in power supply infrastructure to directly control electricity substation switches and circuit breakers and it can be difficult to detect using tradition IT security tools. Thus, specialized industrial control system monitoring and intrusion detection technologies are needed which can identify possible attacks and offer operators early warning. Fortunately, advanced ICS intrusion detection is available that would both identify this type of malware’s presence and help protect against its impacts. They use state-of-the art artificial intelligence and machine learning to detect anomalies and apply special rules that work together to defend against these new advanced malware threats.”
Tim Erlin, VP at Tripwire:
“Awareness of the threat is a prerequisite for an adequate defense. It’s important that the tools and techniques involved in these kinds of attackers are shared so that utilities can be better prepared. The research shared at conferences like Black Hat and Defcon helps drive both awareness of the threat and inform specific defensive actions against these attacks.”
“The entire energy market needs a shift in mindset to build cybersecurity into their operations. The threat of cyberattack is a threat to reliability of the electric grid. This isn’t about shadowy hackers stealing data from a few computers. This is about human safety.”