AMPYX CYBER

View Original

Energy workers in Ukraine battle to stay alive & block digital snipers

The aftermath of a missile attack on an energy facility in Ukraine on September 11, 2022. Image: Ukrinform

BY KERRY TOMLINSON, AMPERE NEWS

How do you keep the power flowing when up to 60% of your country's energy infrastructure is damaged or destroyed?

"Sometimes we don't sleep," said Serhii Galagan, head of IT for transmission company Ukrenergo. "Sometimes we rearrange or build some systems in very fast manner."

And sometimes in extremely dangerous circumstances. One hundred nineteen energy workers in Ukraine have died since the start of Russia's full-scale invasion, the Ukrainian Ministry of Energy said at the beginning of May, according to a news report, with more than 300 others injured.

While missiles are falling on power plants, workers also face a different kind of threat ---cyberattacks, some designed to take down parts of the grid.

Watch here:

Deadly Blast

A missile hit a power plant in Kharkiv, Ukraine's second largest city, on September 11, 2022. The deadly strike blew up crucial equipment and knocked out electricity for the more than one million people living there. Without power, they also had no running water, the city's mayor said.

This attack was just one of many on Ukraine's energy system starting last fall, causing widespread destruction and mass outages.

"They are trying to do maximum damage for critical infrastructure," said Galagan, chief information officer for Ukrenergo, the country's electricity transmission system operator.

Galagan is one of the people working to save the grid. He spoke at the SANS industrial cybersecurity conference in Florida this month and agreed to an interview in English with Ampere News, talking about the fight to keep the lights on and power flowing under the barrage of Russian attacks, both physical and digital.

The stakes are high. Hospitals work emergency surgeries lit by generators. Families huddle without heat and light. At times, millions of people have been without power and running water.

In the Crosshairs

As bombs target plants and substations from above, cyber attackers target the grid from the inside.

"It's constantly happening, some different kinds of attacks," Galagan said. "There are a lot of them."

The hackers pummel their system with DDoS attacks, or distributed denial of service attacks, trying to send so much Internet traffic from so many different devices that some services can't operate, he said. They're called distributed attacks because they come from many different sources at the same time. "Denial of service" refers to the impact of the attack where the service may be shut down by the blitz of Internet traffic.

On the Hunt

The attackers also scan endlessly, probing for weak spots where they can invade networks. They've succeeded in the past --- notoriously --- in 2015 and 2016, shutting down power through cyber means in Kyiv and part of western Ukraine.

In April 2022, they broke in again, not through Ukrenergo, but through a regional distribution system operator in an unnamed area of Ukraine. They launched a destructive malware that can wipe computers of their crucial data in a damaging wave, along with a new malware called Industroyer 2, designed to shut off power to millions of people.

Cyber defenders say they stopped the mass damage, so there was no large-scale black out. Reports says nine substations were shut down.

Cyberattacks on Ukrenergo have not been successful, according to Galagan.

Blocked Signals

In addition, crews struggle with the effects of GPS jamming, the blocking of signals used for global positioning system information. Someone is using GPS jamming to block location systems for things like drones, Galagan said. The fallout causes havoc in the grid's carefully timed systems where even a millionth of a second can make a difference.

In other cases, someone is spoofing or tricking the GPS system and make it look like devices are in different locations than they really are, he noted.

"Sometimes it's critical to know exact time for each specific location," Galagan explained. "And if we lose this accuracy, it causes some problems."

Life and Death

Energy workers are sacrificing their lives to keep electricity flowing.

The bomb that destroyed the Kharkiv plant in September killed two grid workers, a dispatcher and an electrician. Other energy workers have been shot by Russian soldiers or have stepped on or driven over mines.

All around them is chaos and destruction, not just days or weeks of intense pressure, but more than a year.

"What options do we have? We have no options. So, we need to restore our infrastructure in any any cost," said Galagan.

It will take years and millions of dollars to repair the grid. But for Galagan, the human toll is far worse.

"Equipment and solutions will be restored," he said. "People who died, it's not possible to restore. So, this is a real problem."


 Related stories:

More from AMPERE NEWS

See this content in the original post

Featured Stories

See this gallery in the original post