Thursday, January 7, 2016

Black Energy Attack on Ukrainian Power Grid

Federal agencies in the US are looking into the Black Energy malware and possible state sponsored hackers that took down the Ukrainian power grid just before Christmas. About 700,000 were affected for several hours. If this proves out, it will be the first documented case of an attack that actually interrupted service and is a grave concern for governments around the world.

Tim Erlin, Director of IT Security and Risk Strategy for Tripwire says, “Industry experts have been talking about how cyber attacks could directly affect the power grid for a long time, so it shouldn’t be a surprise that it’s now actually occurred. Discussing a threat doesn’t count as mitigation. Energy companies need to invest in securing their infrastructure, from control systems to corporate IT. Investment isn’t just about buying products. It’s about people, skills and process. Purchasing the latest security device is easy compared to training security staff effectively.

"All malware, including BlackEnergy, requires an infection vector to get to its target. Attackers will almost always take the path of least resistance. Today, that means published vulnerabilities, misconfigurations and phishing scams. These are all security issues that we can address, with sufficient resources.
 
"It’s myopic to think of this threat as an ‘energy sector’ problem. Any industry that relies on industrial control systems is at risk. Any industry where networked devices cause physical change in the world is a target for these kinetic cyber attacks.”