Last December a cyber attack crippled Ukraine’s power grid. Engineers were able to manually restart power, but workers still have to control the system manually. In many U.S. power systems, no manual overrides exist. A similar attack on the grid could leave America without power for much longer. WIRED’s Kim Zetter reports:
Regardless, the successful assault holds many lessons for power generation plants and distribution centers here in the US, experts say; the control systems in Ukraine were surprisingly more secure than some in the US, since they were well-segmented from the control center business networks with robust firewalls. But in the end they still weren’t secure enough—workers logging remotely into the SCADA network, the Supervisory Control and Data Acquisition network that controlled the grid, weren’t required to use two-factor authentication, which allowed the attackers to hijack their credentials and gain crucial access to systems that controlled the breakers.
The power wasn’t out long in Ukraine: just one to six hours for all the areas hit. But more than two months after the attack, the control centers are still not fully operational, according to a recent US report. Ukrainian and US computer security experts involved in the investigation say the attackers overwrote firmware on critical devices at 16 of the substations, leaving them unresponsive to any remote commands from operators. The power is on, but workers still have to control the breakers manually.
That’s actually a better outcome than what might occur in the US, experts say, since many power grid control systems here don’t have manual backup functionality, which means that if attackers were to sabotage automated systems here, it could be much harder for workers to restore power.
More on the threat from Ted Koppel here: