Utilities look back to the future for hands-on cyberdefense

The aftermath of the cyberattack in Ukraine on Dec. 23, 2015, produced two unexpected lessons that U.S. grid operators have started to take to heart.

After cutting off power to nearly 250,000 homes and businesses in western Ukraine, the cyber terrorists delivered a final punch to the gut. The hackers wrecked some of the digital controls the operators needed to restart the system remotely. An aptly named cyber weapon called "KillDisk" hidden inside the Ukraine system erased parts of the operators' startup software.

But substations across the Ukraine utilities' grid networks still had Soviet-era manual controls, so crews were able to restore power by hand within six hours.


Grid hack exposes troubling security gaps for local utilities

When Washington state utility executive Benjamin Beberness dug into what was behind the crippling cybersecurity blackout in Ukraine, the details were chilling, not only because of their malevolent nature but because of how familiar those details were to Beberness.

In early spring of 2015, a "red team" of National Guard cyber experts had taken just 22 minutes to break into Beberness' electricity company, the Snohomish County Public Utility District, north of Seattle. Beberness had invited them in to test the utility's defenses.


How DHS fell silent when a hack threatened the U.S. power grid

A month after hackers blacked out power in western Ukraine, a team of U.S. security experts touched down in Kiev to piece together the extraordinary assault.

Interviews, cellphone video evidence and a crash course in Soviet-era grid equipment helped the dozen or so Americans untangle the Dec. 23, 2015, cyberattack on three utilities. The investigators traveled thousands of miles with one big question in mind: Could the methods used to hack the Ukrainian power distributors, or the hidden code behind the strike, pose a threat to the U.S. electric grid?


Inside the Ukrainian hack that put U.S. grid on high alert

Eastern Europe was blanketed in a heat wave last summer. In Kiev, Ukraine, a state of desperate resignation had set in as fighting intensified between pro-Russia rebels and Ukrainian forces to the east. Separatists closed highways and attacked ports. Meanwhile, a silent incursion had started to worm its way into the email accounts of employees at media outlets, national railroads and power distributors in the western half of the country.

Glossary of terms

DHS: The Department of Homeland Security, the lead agency for collecting, assessing and distributing information about cybersecurity threats to critical U.S. infrastructure.

I&A: The Office of Intelligence and Analysis is the DHS agency charged with sharing threat information and analysis with state and local officials. It connects the nation's massive apparatus for gathering classified intelligence with "customers" at state fusion centers.

DOE: The Department of Energy supports cybersecurity research and information sharing. But questions are being raised about how coordinated DOE and DHS are when it comes to specific threats to the grid.

ICS-CERT: The Industrial Control Systems Cyber Emergency Response Team monitors and issues warnings about threats. This group within DHS can be called upon for network expertise in the case of a cyberattack against an electric, gas or water utility.

NERC: The North American Electric Reliability Corp. is the congressionally chartered entity responsible for ensuring the continuous, safe operation of the U.S. power grid. It updates and audits enforceable cybersecurity standards for the bulk power network.

E-ISAC: The Electric Information Sharing and Analysis Center is an information portal housed within NERC.