SURbit Posted January 16, 2016

Herein lies the problem with our new world: It has crept up on us quickly and involves a dramatic and sudden shift in the balance of power. In this digital world, non-politically affiliated actors often have extremely political aims but, at the same time, exist outside of the control of the usual political systems. They are an invisible force. A hidden hand that cannot be negotiated with, and are a frightening piece of the puzzle as to why governments keep seeking to take more and more control over cyberspace.

Meticulous forensic analysis of all recovered data has led the research team to conclude that the hackers used a spear-phishing attack to deliver a trojan called ‘BlackEnergy’. The malware is thought to have been delivered to Ukraine’s vital systems via a purposefully infected Microsoft Word attachment, which was then implemented to take out the regional control center. BlackEnergy has been known about in the security industry for some time, first appearing in 2007 as a tool for delivering DDoS attacks, but upgraded since into a more sinister form of malware.

Whoever they were, the cyber criminals successfully managed to use their access to open circuit breakers that successfully disconnected seven 110 kV substations and twenty-three 35 kV substations – cutting the power grid entirely for a significant portion of the region. After achieving their aims, the hackers ran a utility called KillDisk (now part of the sophisticated BlackEnergy malware package), further delaying the power company’s ability to regain control of the system. The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage.

This attack consisted of at least three components: the malware, a denial of service to the phone systems, and the missing piece of evidence of the final cause of the impact. Current evidence and analysis indicate that the missing component was direct interaction from the adversary and not the work of malware. Or in other words, the attack was enabled via malware but consisted of at least three distinct efforts.

While it is true that this is the first time that a cyber attack has successfully been used to carry out crippling power outages.

"If the lights go out, the banks stop working, the hospitals stop functioning, or government itself can no longer operate, the impact on society could be catastrophic."

There is no doubt that the quality of the attack was very serious in nature, and it is clear that there is a general paranoia amongst the political elite that this could become much more common. For the ruling class, there is a fear that this kind of cyber warfare could severely tarnish political careers. Nations, long accustomed to existing comfortably out of harm’s way, are becoming increasingly frightened that they could (at some point soon) be put in the same embarrassing situation: to the horror of the electorate.

This is the inevitable new world that we live in, where having the firepower to bomb abroad doesn’t stop you from being vulnerable at home, being susceptible to attackers that may well be apt enough to hide their tracks, leaving them hurt and with no way of retaliating. It involves a shift in the balance of power. Will this be the new world order, all nations held hostage with the change a blowing in the Wind?

straycat19 Posted January 16, 2016

The last power station I helped set up several years ago had their network split so that no computer connected to the internet interfaced with the control system, and the control system was connected to other outside systems with a dedicated line that did not have internet access. That prevents attacks on the utility systems. Unfortunately that is more expensive, and everybody wants the cheap way out.

SURbit Posted January 22, 2016

On 1/16/2016 at 0:04 PM, straycat19 said:

> The last power station I helped set up several years ago had their network split so that no computer connected to the internet interfaced with the control system, and the control system was connected to other outside systems with a dedicated line that did not have internet access. That prevents attacks on the utility systems. Unfortunately that is more expensive, and everybody wants the cheap way out.

At what price are lives figured into the costs (more expensive and everybody wants the cheap way out)? I mean, just think of the hospitals and surgery units or life support units, and then nursing homes or individuals that depend on an uninterrupted source. It's good some city and state governments are safeguarding their population with practicalities in motion. Commercially, large companies have generators, but in an extended outage how dependable and good are these fallbacks when not used but sparsely and for short time frames? Refrigerated storage of perishables that a community depends on. Thanks for your comment here.

This topic is now archived and is closed to further replies.