I remember reading about this power grid attack against Ukraine in 2016, and experts were puzzled as to why the attack just accomplished a temporary outage. Some speculated that is was just probing the power grid for a more complex attack at a later date. This article has a different theory. The malware Russia used to overload the electric transmission station, just north of the city of Kiev, was “Crash Override” (https://www.us-cert.gov/ncas/alerts/TA17-163A). The malware interacts/attacks electric industrial equipment by sending multiple commands using four different protocols to open circuit breakers causing mass power outages.
Researches recently discovered that the malware also attacked a vulnerability in a piece of Siemens equipment (protective relay) used as an electric grid fail safe. The disabling of the protective relays would be unknown to the first responders trying to restore power to the grids. Researchers now believe that the intention was for grid engineers to quickly respond to this outage and restore power to the failed equipment manually. The danger here is while restoring power to the grid, and without the protective relay fail-safes in place, a critical overload of electrical current to transformers and power lines could have caused catastrophic damage to the electrical grid equipment, caused physical harm to workers, and would have caused significant downtime of the electrical grid.
https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/
Leave a Reply
You must be logged in to post a comment.