Alarm bells should be ringing about the risks posed by cyberattackers who are penetrating physical infrastructure with greater frequency. Last December, Ukraine’s power grid was hacked, presumably by Russia, in one of the first known incidents of physical infrastructure having been compromised and severely impacted by a cyberattack. While espionage and theft are the most common objectives of cyberintrusions, Ukraine’s example demonstrates that state and non-state actors can penetrate even the most sensitive and secure command and control structures, simply to create havoc and cause disruption to a nation’s ability to operate.
Not only did the perpetrators in this case succeed in disrupting the flow of electricity to some 200,000 people in Western Ukraine for several hours, they simultaneously targeted the automatic control systems of rail, mining and airport networks. According to the U.S. Department of Homeland Security (DHS), the attack was deliberately timed to occur during the period of the day when customers most frequently contact the help desks of Ukrainian electricity companies, so that support staff were preoccupied and attention was more likely to be diverted from the initial network intrusion. In doing so, the hackers were able to test and monitor the companies’ and government’s reaction, which may in turn presage a future attack designed to cause even greater havoc and disruption.
The malware used against the power companies was subsequently identified as BlackEnergy 3, believed to be of Russian origin and designed specifically to attack infrastructure systems. According to the DHS, a distinctive feature of BlackEnergy 3 is its KillDisk component, which enables the attacker to overwrite files on infected systems with random data while preventing the user from rebooting, rendering the systems inoperable. The malware also searches victims’ computers for software primarily used in electric control systems, indicating a likely focus on critical infrastructure. The Ukraine example provides a good glimpse into a future in which attacks on infrastructure could become common once such malware is perfected.