Fears that hackers could launch cyber attacks against national electrical grids have been renewed by a recent report. The analysis was produced by the security software firm ESET, based in Slovakia, together with Dragos, a U.S. company specializing in the security of industrial control systems and other critical infrastructure.
Malware dubbed “Crash Override” or “Industroyer” is believed to have triggered an attack on the Ukrainian electrical grid in December 2016. The attack was a sophisticated one: rather than merely infecting office computers, the malware spoke the industrial protocols used by grid control equipment directly and ordered substation devices to cut transmission. The vulnerability of power grids has long been a concern of antiterrorism and cyber warfare experts, and this attack only intensified such fears.
Ukrainian officials blame Russian state-sponsored hackers for the attack. This parallels current accusations in the United States that Russian state-sponsored hackers were involved in disrupting the 2016 election. Officials of the Russian government deny any involvement.
Robert M. Lee, the founder of Dragos, said the malware used in the Ukrainian attack was sophisticated enough to cause power outages lasting a few days in portions of a national grid, but not yet capable of bringing down an entire power grid at once. He added that defensive measures have been developed and shared with the Ukrainian authorities and power companies.
To detect this malware, power utilities will have to create network security procedures specific to it, according to Lee, a former U.S. Air Force cyber warfare operations officer. He added that the malware could be used to attack power systems across Europe, which rely on the same industrial protocols, and that with “…small modifications, it could be leveraged against the United States.”
The technical analysis by ESET, released publicly, stated that Crash Override was “very probably” the cause of the Ukrainian power outage: the malware carried a hard-coded activation date of December 17, which coincides with the incident.
Crash Override has drawn comparisons to Stuxnet, the malware discovered in 2010 that is widely believed to have been used against the Iranian nuclear program in an operation coordinated by Israel and the United States.