On December 23, 2015, the power grid in Ukraine was hit with a cyberattack. The outage left a large region of Ivano-Frankivsk without power as a substation went down. Operators were able to bring the grid back online manually while the search for the culprits continues.
According to a report posted on Ars Technica, the attack included the use of insecure Secure Shell (SSH) crypto keys, which give the hackers permanent root access to infected computers.
Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by "BlackEnergy," a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable. More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems. The latest BlackEnergy also includes a backdoored secure shell (SSH) utility that gives attackers permanent access to infected computers.
While Ukraine was first, it’s a harbinger of the danger lurking in all our power grids – and that’s the warning coming from Ted Koppel in his new book, “Lights Out.” He predicts there will be a power grid breach in the next two years that could last anywhere from two months to two years based on the severity of the attack.
In his video about his book, he says an attack will “plunge tens of millions of people into darkness for weeks or even months with no electric light or heat or refrigeration, no running water, no waste disposal.” His conclusions are based on a year and a half researching the topic with the best experts in and out of government. He adds, “The Internet can be used as a weapon of mass destruction and our electric power grids are a target – that’s a fact.”
Mr. Koppel spoke with the Venafi team at our annual company meeting last week, sharing his sense of urgency and concern about what might happen if the power grid goes down because of a malicious attack. Needless to say, he met with an enthusiastic audience hungry to do our best to keep the internet safe.
At the office, we talk about keys and certificates all of the time. Our focus comes from our singular mission to protect our customers from the bad guys. We know keys and certificates can be used to encrypt malicious traffic or hide malware, creating pathways for cybercriminals to vital services (like power grids) and critical business information.
At one point, Mr. Koppel asked people in the room to raise their hands if they believed a cyberattack was imminent. About half the room raised their hands. “What about the rest of you?” Mr. Koppel asked.
“Those are the people who are already convinced we can prevent it from happening by getting all of our power companies online with Venafi,” Jeff Hudson, Venafi CEO, replied. Based on the energy and dedication in the room, that’s a good bet.
While the experts debate the consequences of an attack, they agree there is a threat. In an article on CSOonline, “Carl Wright, general manager of TrapX Security, puts it like this, ‘Power plants and our energy grid remain high-risk targets. It is imperative that we find new and innovative ways to detect adversaries early, mitigate the effects and then defeat them.’”
We can help you start defeating the attackers today. By securing your digital keys and certificates, we can restore trust to your networks. We help you safely increase encryption. From preventing outages based on expired or mismanaged keys and certificates to giving you visibility throughout your network, we are your Immune System for the Internet – learning, adapting, and protecting your data and systems.
Note: There’s an earlier book that came out in Germany that speaks to the situation in Europe. Take a look at Blackout by Marc Elsberg.