This post is also available in: עברית (Hebrew)
Cyber is the war turf, that much has become painfully clear. The recent cyber attacks on Ukrainian electrical infrastructure demonstrate that much. The US Department of Homeland Security (DHS) is paying close attention to these developments and urging power companies to develop new, better practices to combat this threat.
“A targeted cyber incident — either alone or combined with a physical attack — on the power system could lead to huge costs and cascading effects, with sustained outages over large portions of the electric grid and prolonged disruptions in communications, water and wastewater treatment services, healthcare delivery, financial services and transportation,” said Caitlin Durkovich, assistant secretary of Homeland Security for Infrastructure Protection within the National Protection and Programs Directorate.
A team of US officials travelled to Ukraine in January to examine the now infamous incident. They discovered that almost half a year prior, an unknown attacker used a spear-phishing attack to obtain credentials and unauthorised access to the power plant’s control systems. Using these, the hacker was able to shut down circuit breakers and disrupt regional power supply.
To prevent such an incident from occurring in the US, the FBI and DHS are issuing briefings to the electrical industry to help them prepare for the possibility. “Ukraine Cyber Attack: Implications for US Stakeholders,” as the series of briefings is called, is looking to educate executives, security personnel, and government officials on “strategies for mitigating risks and improving an organization’s cyber defensive posture.”
The briefings urge utilities to implement (sometimes basic) security procedures and protocols, such as multifactor authentication for remote access and mandatory complex passwords. Additionally, utilities are urged to develop precise action plans to tackle breaches in progress and ensure communication back-ups in the event hackers shut down communication lines between workers.