Scarinci Hollenbeck, LLC, LLCScarinci Hollenbeck, LLC, LLC

Firm Insights

The First Successful Cyber Attack on an Electrical Grid

Author: Scarinci Hollenbeck, LLC

Date: January 20, 2016

Key Contacts

Back

Experts have long warned about the exposure of industrial control systems to cyber attack. These systems, like those used in our electrical grid, usually are not regularly updated.

Their failure would cause significant social disruption. They are the soft underbelly of our modern world. For example, Stuxnet exploited a Siemens industrial controller not designed to withstand cyber attack. In another case, original, 1960’s 8 inch, floppy disks control parts of the launch systems for U.S. nuclear missiles.[1] Indeed, most homes still have traditional circuit breakers.

distribution electric substation with power lines and transformers, at sunset

The first known instance of malware causing a disruption in major electrical service took place on December 23, 2015 in Ukraine. At least three regional substations were disconnected from the grid. While not in the U.S., the Ukrainian methods and apparatuses for delivering electricity to the end-user are not significantly different. In all, around 700,000 homes lost power as a result of this attack.

The cyber attack happened when many Ukrainian power stations became infected by the malware package “BlackEnergy.” The package’s original purpose was to spy on various business groups, such as media organizations, power companies, and telecoms. However, the malware used in this attack contained several important upgrades to its functionality—most notably: making the infected machine unbootable, wiping all data on the infected machine, and backdooring a secure shell (SSH) utility, which gave the attackers permanent access to the infected machines. Researchers suspect that the attackers used the SSH to gain access to the systems and shut them down. Meanwhile, the program wiped all the data on the systems, making their recovery much more lengthy and difficult. Finally, the attackers waged denial-of-service attacks (DDoS) on the target’s internet and phones systems to prevent power company personnel from learning about the outages.

The group behind BlackEnergy is known as the “Sandworm Gang.”

In the past, this group has spied on NATO, Eastern European agencies, and European commercial and industrial groups. Research suggests that the group operates from Russia, although confirmation has been slippery, and even if they did operate from Russia, it is not clear who is directing them. Whoever this group is though, they possess enough sophistication to run a three pronged attack: shutting down electric service, wiping data on the system computers, and coordinating a DDoS attack on internet and phone systems. No one of these three prongs is necessarily a difficult attack. However, the coordination of all three indicates that, without hyper-sophisticated malware, attackers can use a variety of low-sophistication attacks in tandem to produce a high-level result.

The infection most likely, although not confirmed, occurred through Microsoft Word macros. These sorts of attacks are considered “social engineering” attacks, which rely on duping an end-user into installing malware or taking an action they otherwise would not and should not take. This particular kind is simple and insidious. For example, the end-user receives an email from his boss saying to review the attached document ASAP. The email looks legitimate, and not wanting to disappoint the boss, the user opens the attachment. As the Word document opens, it runs a macro that installs the malicious software, unbeknownst to the end-user.

Despite experts’ warnings, attacks on these sorts of systems have been rare and usually done only for specific discrete reasons. However, with the now real threat that these attacks could become more widespread and more frequent, we will have to acknowledge that any device with a computer connected to a system, must be secured and monitored for cyber-attack.

[1] Oddly enough, this is currently a pretty secure way to operate these missiles as the technology is so old that it is impervious to the advancements in cyber attack software. However, once someone does develop an exploit, the whole system will need to change.

Related Article:
Cyber Insecurity: The Dark Web

The Quantum Computer And The Obsolence of Current Encryption

What Is Cyber Security? It Starts With Cryptology

Cyber Insecurity: Ashley Madison Encrypted Passwords Cracked.

Survey Reveals Many Business Executives Lack Cybersecurity Confidence

Top Cybersecurity Threats Unveiled by Hackers – Is Anyone Safe?

Additional information and resources:
Cyber Security And Data Protection Group

Intellectual Property And Technology

    No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

    Scarinci Hollenbeck, LLC, LLC

    Related Posts

    See all
    How to Conduct a Fair and Legal Employee Termination in 2025 post image

    How to Conduct a Fair and Legal Employee Termination in 2025

    Ongoing economic uncertainty is forcing many companies to make tough decisions, which includes lowering staff levels. The legal landscape on both the state and federal level also continues to evolve, especially with significant changes to the priorities of the Equal Employment Opportunity Commission (“EEOC”) under the Trump Administration. Terminating an employee is one of the […]

    Author: Angela A. Turiano

    Link to post with title - "How to Conduct a Fair and Legal Employee Termination in 2025"
    Admin Dissolution for Annual Report: What You Need to Know post image

    Admin Dissolution for Annual Report: What You Need to Know

    While filing annual reports may seem like a nuisance, failing to do so can have significant ramifications. These include fines, reputational harm, and interruption of your business operations. In basic terms, “admin dissolution for annual report” means that a company is dissolved by the government. This happens because it failed to submit its annual report […]

    Author: Dan Brecher

    Link to post with title - "Admin Dissolution for Annual Report: What You Need to Know"
    What Is Antitrust Litigation Law? post image

    What Is Antitrust Litigation Law?

    Antitrust laws are designed to ensure that businesses compete fairly. There are three federal antitrust laws that businesses must navigate. These include the Sherman Act, the Federal Trade Commission Act, and the Clayton Act. States also have their own antitrust regimes. These may vary from federal regulations. Understanding antitrust litigation helps businesses navigate these complex […]

    Author: Robert E. Levy

    Link to post with title - "What Is Antitrust Litigation Law?"
    Dissolving Your Business: Essential Legal Steps to Protect Your Interests post image

    Dissolving Your Business: Essential Legal Steps to Protect Your Interests

    If you’re considering closing your business, it’s crucial to understand that simply shutting your doors does not end your legal obligations. Unless you formally dissolve your business, it continues to exist in the eyes of the law—leaving you exposed to ongoing liabilities such as taxes, compliance violations, and potential lawsuits. Dissolving a business can seem […]

    Author: Christopher D. Warren

    Link to post with title - "Dissolving Your Business: Essential Legal Steps to Protect Your Interests"
    The Role of Corporate Restructuring in Mergers & Acquisitions post image

    The Role of Corporate Restructuring in Mergers & Acquisitions

    Contrary to what many people think, corporate restructuring isn’t all doom and gloom. Revamping a company’s organizational structure, corporate hierarchy, or operations procedures can help keep your business competitive. This is particularly true during challenging times. Corporate restructuring plays a critical role in modern business strategy. It helps companies adapt quickly to market changes. Following […]

    Author: Dan Brecher

    Link to post with title - "The Role of Corporate Restructuring in Mergers & Acquisitions"
    Crypto Enforcement: A Former Prosecutor’s Warning to Criminals and the Public post image

    Crypto Enforcement: A Former Prosecutor’s Warning to Criminals and the Public

    Cryptocurrency intimidates most people. The reason is straightforward. People fear what they do not understand. When confusion sets in, the common reaction is either to ignore the subject entirely or to mistrust it. For years, that is exactly how most of the public and even many in law enforcement treated cryptocurrency. However, such apprehension changed […]

    Author: Bryce S. Robins

    Link to post with title - "Crypto Enforcement: A Former Prosecutor’s Warning to Criminals and the Public"

    No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

    Sign up to get the latest from our attorneys!

    Explore What Matters Most to You.

    Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.

    Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.

    Let`s get in touch!

    * The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.

    Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!