Days before Christmas in 2015, remote hackers wrested control from Ukrainian grid operators and, by digitally commandeering substations, shut off power for 225,000 customers for several hours. Then, in mid-December of last year, hackers developed malicious code that, without any real-time human support, disrupted a Kyiv transmission station and caused a substantial blackout that lasted roughly an hour in the capital—in the first fully automated grid attack ever seen. This was reported by The Atlantic.
Some evidence has already suggested that a new attack could be in the works. Robert Lee, the CEO and founder of the industrial-cybersecurity firm Dragos and a leader in analyzing both of the Ukraine grid attacks, says that in recent weeks he has observed an unusual spike in activity in Ukraine by the same group of developers who engineered the malware used in the 2016 attack. From last year’s attack until mid-November, Dragos had registered very little activity in Ukraine by the group, Lee says.
“In our assessment, it would be completely reasonable to execute an attack this month,” he warns.
It’s possible that this spike in activity could be reconnaissance, preparation for a later operation, or simply an attempt to create fear of a forthcoming hack. Michael Assante is the director of industrials and infrastructure at the cybersecurity-focused SANS Institute and a lead investigator of the 2015 attack. He says that, given the continuous and sustained access campaigns in Ukraine, which have occurred against the backdrop of the clash in Eastern Ukraine that resulted from Russia’s annexation of Crimea in 2014, it is unclear if an attack is being readied.
“The attackers could launch an attack if they believed an attack served a purpose and felt that the risk of being foiled was low enough to proceed,” he says.
As was reported earlier, the Law on Basic Principles of Ukraine’s Cyber Security, adopted by the Parliament in October and signed by the President on November 7, has been officially published. The document defines the basic infrastructure objects that make up the country’s critical infrastructure, which needs the best possible cyber protection.
The law also lays the legal and structural basis for protecting the vital interests and rights of Ukrainian citizens, society as a whole and the state, as well as Ukraine’s national interests in cyberspace. A separate article is dedicated to the point that cyber security should not mean oppression on the internet. Also, the draft law does not cover data passed in communications or technological schemes, social networks, blog platforms, video hosting services and others.