Report: Malware traced to Ukraine grid attacks could be used to target US grid

Dive Brief:

  • Malware that was used in a 2015 cyberattack resulting in power outages in Ukraine could be modified by its Russian developers to target the United States, according to a new report from cybersecurity firm Dragos.
  • Cybersecurity has become a primary grid concern for grid operators, and in January, Sen. John McCain confirmed Russia has the capability to shut down American power plants through cyber hacking efforts.
  • The malware, dubbed "CrashOverride," is just the second industrial control system (ICS)-tailored malware to target physical industrial processes, according to Dragos.

Dive Insight:

Russia's ability to attack a power plant was already known, but the ongoing election-related investigation could raise the stakes for utilities and grid security.

According to the Washington Post, the malware's most dangerous function allows it to manipulate the settings on electric power control systems, scanning for critical components and opening circuit breakers to create a sustained outage. And the malware can be altered to attack various kinds of operations or power plants in different places.

The North American Electric Reliability Corp. issued a Level 1 alert in the wake of Dragos' revelations. According to NERC's alert, the malware can "cause loss of visibility, loss of control, manipulation of control, interruption of
communications, and deletion of local and networked critical configuration files."

CrashOverride is "not unique to any particular vendor or configuration and instead leverages knowledge of grid operations and network communications to cause impact," Dragos' report finds, making it a flexible threat. "It can be immediately re-purposed in Europe and portions of the Middle East and Asia."

Dragos said the malware was shared with it earlier this monthly anti-virus firm ESET, which asked it to confirm its findings.  This is the second known piece of malware to target physical industrial systems. The first was Stuxnet, designed by the United States and Israel to Iran’s nuclear program.

Dragos said the CrashOverride software "could be leveraged at multiple sites simultaneously, but the scenario is not cataclysmic and would result in hours, potentially a few days, of outages, not weeks or more."

Lloyd's of London in 2015 issued a report aimed at informing the insurance industry as to the potential impacts of a widespread attack on the U.S. power grid, and concluded the total economic loss could range from $243 billion up to $1 trillion in the most damaging scenarios.

The North American Electric Reliability Corporation held a simulated attack on the United States grid infrastructure in 2015, finding that communication between the utility industry and federal government needed to be improved, among other recommendations. 

Follow on Twitter

Filed Under: Transmission & Distribution Technology