ELECTRICITY IS the lifeblood of an economy and a society, enabling transportation, communications, food, health care and many other necessities. On Dec. 23, about half of the 1.4 million homes in the Ivano-Frankivsk region of western Ukraine went dark for three hours when multiple electrical substations failed. The blackout was not caused by a rusty connection or a tree falling on a power line but appeared to be a rare example of malware being used to switch off an electrical grid.
A cybersecurity firm, iSight Partners, has reported that Russia, which has done much to destabilize Ukraine over the past two years, probably was behind the attack. The group that launched the attack has been dubbed Sandworm by the firm, which said the same group was behind assaults on NATO, energy-sector firms and government organizations in Ukraine, Poland and Western Europe. The security firm suggested the assault was caused by malware known as BlackEnergy, which could have entered the substations and enabled attackers to switch off the power. Much is still unknown about how this might have worked, but it is another ominous reminder that the age of cyberconflict has arrived.
The United States and Israel pioneered the use of malware to damage industrial control systems with the creation of Stuxnet, a digital worm infiltrated into Iran that caused malfunctions in systems enriching uranium. While Stuxnet may have been innovative, it is no longer unique, and the ability to misdirect or wreck industrial control systems that are connected to the Internet is spreading. Much has been aired in the past year or two about the vulnerability of electrical grids to this type of mischief, a threat that all nations and electricity networks should take extremely seriously. Journalist Ted Koppel, author of a recent book on the topic, wrote in these pages in October, “Our electric power grids, in particular, are highly susceptible to cyberattacks, the consequences of which would be both devastating and long-lasting.” A similar cyberattack was reported to have recently targeted Israel’s electrical grid.
Other cyberattacks have involved stealing massive loads of intellectual property, such as at Sony Pictures Entertainment, or scooping up truckloads of personal data, such as the breaches at Target and Home Depot. Cybersnoops have wormed their way into the Joint Chiefs of Staff and the White House, and thieves took millions of sensitive dossiers from the Office of Personnel Management. But the electrical grid shutdown in Ukraine heralds an altogether different kind of danger, one that can manipulate machines that control industrial equipment, such as power grids and dams, and cause them to behave in dangerous ways.
It is entirely plausible that Russia — either the state or its proxies — carried out such a cyberattack on Ukraine. Russia’s offensive cybercapabilities are growing, as are those of a dozen other countries, including the United States. The Ukraine blackout is a cautionary signal that a new type of destructive conflict is possible — and probable.
Read more on this topic: