Due to a lack of time, I did not blog about what seemed to be the world’s first recorded case of a computer breach taking down a sizable chunk of an electricity grid.
So, here is a case of a second hack. Nothing went black (according to the report), but the grid was/is out of control.
Israel’s Electricity Authority experienced a serious hack attack that officials are still working to repel, the country’s energy minister said Tuesday.
“The virus was already identified and the right software was already prepared to neutralize it,” Israeli Energy Minister Yuval Steinitz told attendees of a computer security conference in Tel Aviv, according to this article published Tuesday by The Times of Israel. “We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should.”
The “severe” attack was detected on Monday as temperatures in Jerusalem dipped to below freezing, creating two days of record-breaking electricity consumption, according to The Jerusalem Post. Steinitz said it was one of the biggest computer-based attacks Israel’s power authority has experienced and that it was responded to by members of his ministry and the country’s National Cyber Bureau. The response included shutting down portions of Israel’s electricity grid. The energy minister didn’t identify any suspects behind the attack or provide details about how it was carried out.
The attack comes five weeks after Ukraine’s power grid was successfully disrupted in what’s believed to be the world’s first known hacker-caused power outage.
Hard to draw any conclusions from this. I found it interesting that they said they were sort of waiting for it and that they were ready to neutralize it.
The one thing we can be sure about is that we are going to see more of this, and it is only a matter of time until one or more of us are impacted by it.
[Update: unlike this attack on Israel’s grid, the Ukraine outage was a very long and deliberate attack on just the electrical grid. The attackers first gained access to the workers’ remote login system. Rather than doing anything there and then, they apparently spent months looking over the system layout and planned to take down as much of the system as possible AND make it as difficult as possible to get back online.
Roughly, in order. They first replaced the firmware in the Ethernet to serial converters at many substations.
Then, they replaced the firmware in several key UPSs so that they would not do their job.
Then, they simply turned off the breakers in the substations via the control system graphical interface.
Once that was done, they formatted the computer hard drives as they backed out of the system.
The last breaker they flipped was the one for the control center. Since the UPS was now out of action, even when the operators got the power back on for themselves, their computers would not boot… Once they got that solved, they still had to drive out to the substations, because the borked firmware in the protocol converters meant they could not command the breakers to turn back on.
It was a spectacular hack. Key because it started with a human interface. Remote (from home) login].