The holiday season has not been a joyful time with respect to Ukraine’s power grid. Days before Christmas in 2015, remote hackers wrested control from Ukrainian grid operators and, by digitally commandeering substations, shut off power for 225,000 customers for several hours. Then, in mid-December of last year, hackers deployed malicious code that, without any real-time human support, disrupted a Kiev transmission station and caused a substantial blackout that lasted roughly an hour in the capital—the first fully automated grid attack ever seen.
With the holidays approaching again, the eyes of security experts and diplomats are on the energy companies in Ukraine and on the teams, believed to be based in Russia, that are responsible for the attacks. Researchers have linked these groups to the infiltration of energy companies in the United States and Europe. Experts are watching this month with concerns over safety in Ukraine and over the significant implications such an attack would have worldwide, including in the U.S.
Some evidence has already suggested that a new attack could be in the works. Robert Lee, the CEO and founder of the industrial-cybersecurity firm Dragos and a leader in analyzing both of the Ukraine grid attacks, says that in recent weeks he has observed an unusual spike in activity in Ukraine by the same group of developers who engineered the malware used in the 2016 attack. From last year’s attack until mid-November, Dragos had registered very little activity in Ukraine by the group, Lee says. “In our assessment, it would be completely reasonable to execute an attack this month,” he warns.