A blackout affecting half the homes in Ukraine’s Ivano-Frankivsk region this holiday season was the work of destructive malware unleashed by hackers. It’s a reminder that worldwide industrial systems — including those in the United States — will be increasingly targeted by digital attacks.
Thousands of homes were left without power on December 23 after a virus disconnected electrical substations from the grid, according to the Ukrainian news service TSN. On Monday, researchers at Dallas-based security firm iSIGHT Partners confirmed that a cyberattack on three regional electrical operators was the cause.
Speaking to Ars Technica, iSIGHT’s John Hultquist explained how this is confirmation of longtime fears:
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before — oil firms, for instance — but never the event which causes the blackout. It’s the major scenario we’ve all been concerned about for so long.”
The weapon was “BlackEnergy,” a trojan first identified in 2007. Its most recent update leaves infected computers unbootable, destroys critical parts of the hard drive, and can even sabotage industrial control systems. That last part is especially important, and something we’ll pick up again in a moment. For now, here’s a bit of background on the trojan from cybersecurity company ESET’s blog We Live Security:
What hackers might really be after is the disruption of “industrial control systems.” That’s the term for the Frankensteined technological systems we use to operate critical infrastructure, like water-treatment facilities, pipelines, and, relevant to this hack, electrical grids. These are usually the responsibility of whatever private corporation owns the parts, and while once self-contained, they are now all connected to computer networks — and therefore the internet — just like everything else in the 21st century.
This all makes these control systems easier to operate but, as security experts have been warning us for years, also much, much easier to hack, stop, or otherwise throw a wrench into. A Popular Mechanics investigation in 2009 found that America’s slow-to-upgrade systems remained susceptible, especially through glitches in the lines of code for popular systems. Hackers exploited that weakness in 2006 to shut down Alabama’s Browns Ferry nuclear power plant, and it may have helped cyberspies traced to China and Russia penetrate the U.S. electrical grid to implant disruptive software programs in 2009.
Six years later, those industrial systems are still attractive targets. In a September 2015 statement to the House Permanent Select Committee on Intelligence, Director of National Intelligence James Clapper warned of Russian hackers attempting to penetrate them:
“Politically motivated cyber attacks are now a growing reality,” he said. “Foreign actors are reconnoitering and developing access to U.S. critical infrastructure systems, which might be quickly exploited for disruption if an adversary’s intent became hostile.”
Unfortunately, there’s no easy fix for this problem, and the one thing everyone agrees on is that while this blackout is the first success for these hackers, it won’t be the last. Maybe put a generator on next year’s Christmas list.