A recent cyber-attack on Ukraine’s electricity network could be replicated in the UK, according to a member of a US investigation into the resulting blackout.

Robert Lee, an infrastructure specialist at cybersecurity firm the Sans Institute told the BBC, “The answer is yes [they could be vulnerable].”

Last week, the US Department of Homeland Security formally blamed hackers for December’s power cuts, without naming the suspected perpetrators.
Cyber threat against power plants
About 225,000 people were left without power for several hours when the Ukraine suffered what is believed to be the first successful cyber-attack on an electricity distribution network.

“The way the Ukrainians set up the grid and the type of the equipment they are using is also the way a lot of other nations do it,” said Mr Lee. “This was a shot across the bows.”

In Mr Lee’s view, the attack was highly likely to have originated in Russia. But he said it was not possible to say whether it was the “Russian government or a well-funded [non-government] team”.

At least six months before the power was shut off, he explained, attackers had begun sending phishing emails to Ukraine’s power utility companies’ offices, containing Microsoft Word documents. When opened, they installed malware.

Firewalls separated the affected computers from the power control systems. But the malware – known as BlackEnergy 3 – allowed the hackers to gather passwords and logins, with which they were able to mount an attack. After months of work, they gained the ability to remotely log in to vital controls, known as supervisory control and data acquisition (Scada) systems.

Finally on 23 December, Mr Lee said, the attackers “remote desk-topped” into the Scada computers and cut power at 17 substations.

At the same time, they jammed company phone lines, making it hard for engineers to determine the extent of the blackout.

Chancellor George Osborne recently announced an extra £1.9bn of taxpayer’s money over five years to bolster GCHQ’s cyber capabilities.

[bc_video account_id=”1214147015″ player_id=”4697982639001″ video_id=”4781549281001″ min_width=”320px”]