A cyber attack against a Ukrainian power grid left customers without electricity for an hour last month. Ukrainian security researchers involved in the investigation say they believe the attack was conducted by the same hackers who cut power in Ukraine a year ago.
Tim Erlin, Sr. Director, Product Management at Tripwire:
“While this second attack on the Ukrainian power grid is concerning, the string of attacks across high value targets in the Ukraine is more disturbing. From finance to rail, the series of attacks has targeted Ukraine’s critical infrastructure. Cyberattacks against energy infrastructure are here to stay, and the industry needs to incorporate defense into standard operating procedure.
“When attackers can cause an outage, we’re not talking about data protection; we’re talking about human safety.
“There’s more to learn about this attack buried in the logs and other data that’s been collected. The investigation is far from over, and while the headlines may fade, industry professionals should be diligent in learning all they can in order to better defend their own organizations.”
Andrea Carcano, Founder and Chief Product Officer at Nozomi Networks:
“While hardly a surprise that this has now been confirmed as a cyber attack, it demonstrates a worrying trend. I think the suggestion that the Ukraine is being used as a ‘testbed for refining attacks’ is highly likely and what’s particularly concerning is that the attackers could have caused far more damage than they did.
“We can’t be sure who is behind this latest attack, but it’s likely to be several criminal gangs working together to conduct the incursion. The methodology used demonstrated they had sophisticated skills, with the attack better organized and more complex than the 2015 breach. This illustrates that there are adversaries, with both intent and ability, to launch attacks and cause damage to the critical infrastructure of every country around the globe, and this threat must not be ignored.
“Cyber resiliency through defence in depth measures is needed and that includes network segmentation, firewalls and visibility solutions. All protectors must re-examine their ICS cybersecurity programs carefully and arm themselves with technology that will enable them to detect and respond to attacks, in real time, if they’re to keep the attackers out and the power on.”