CIA alarm: "If the Russians were behind the hacker attack in Ukraine, we would be in serious trouble"

(By Franco Iacch)
07/01/16

NSA, CIA and Department of Defense. Even the super secret TAO (Tailored Access Operations) unit was disturbed. The major US intelligence agencies have been working for two weeks to ascertain responsibility for a cyber attack that hit the Ukrainian electricity grid. If it were the Russians, it would be an act of war.

On December 23, a large area of western Ukraine was "turned off". About 700 thousand homes were without electricity for a few hours. The explanation given for the blackout by the electricity company in charge of the area was terse: "external interference in the main systems". Computer security experts from the Central Intelligence Agency, the National Security Agency and the Department of National Security are examining, as reported by The Daily Beast, "samples of malicious software recovered from the networks of the attacked company".

If the blackout were really the work of a hacker, we would be faced with the first documented case of a cyber attack on an electrical system. Despite the suspicions of similar incidents in the recent past, there is currently only one publicly confirmed case based on the technical data of a backup copy.

In 2014, President Obama publicly pointed the finger at North Korea for a cyber attack against the corporate databases of Sony Pictures Entertainment. In response, the White House raised sanctions and ordered the TAO to launch hacker attacks against key North Korean structures.

The Ukrainian episode does not yet have a culprit, and the United States is stalling: the hacker attack on the Ukrainian electricity company, if proven, would represent a milestone in cyber-war. The malicious software detected in the systems of the Ukrainian company is called "Prykarpattyaoblenergo". It has similarities with malware "tested" in 2014 against some American energy plants. That attack was described by the Department of National Security as "a malware (called BlackEnergy) designed to attack numerous environments and industrial control systems".

In reality, we are talking about a critical issue that has been known for some time. Industrial control systems are used to regulate the flow of electricity remotely. Against BlackEnergy, the NSA added, there is no possibility of defense if you remain connected to the network.

The United States is currently trying to understand how the hackers managed to penetrate corporate systems and whether they acted on behalf of the Moscow government or with its implicit consent. If the hacker attack were confirmed, it would be the first documented case of a cyber attack against a leading energy structure.

For the Ukrainians, Russian involvement is clear, but the United States is proceeding cautiously given the current international situation and the possible geopolitical implications that Moscow's involvement could trigger. In fact, it would be an act of aggression.

According to The Daily Beast, the main Pentagon security agencies are processing data that may or may not demonstrate the nature of the blackout: a cyber attack or another factor, such as human error or mechanical failure. If instead (as will probably happen) the nature of the attack were not publicly confirmed, other scenarios would open up. While on the one hand it is not yet clear why hackers would decide to cut off electricity to civilians, on the other (tactically speaking) we could be faced with real field tests. If so, the hackers would be acting to configure and optimize their attack procedure for the real assault on an as yet unknown target.

It should be remembered that in May 2009, in his first important speech on computer security, Obama said: "We know that computer operators have probed our electricity grid. They are the same ones that have plunged entire cities into darkness".

Finally, the CIA said that in at least one case the power outage in some American cities was caused by hackers whose identity remains unknown.