Power Imbalances in Ukraine

The western press is ginning up alarm because hackers caused a power outage in Ukraine.

Western Ukraine power company Prykarpattyaoblenergo reported an outage on Dec. 23, saying the area affected included regional capital Ivano-Frankivsk. Ukraine’s SBU state security service responded by blaming Russia and the energy ministry in Kiev set up a commission to investigate the matter.

While Prykarpattyaoblenergo was the only Ukraine electric firm that reported an outage, similar malware was found in the networks of at least two other utilities, said Robert Lipovsky, senior malware researcher at Bratislava-based security company ESET. He said they were ESET customers, but declined to name them or elaborate.

If you buy that this really is the first time hackers have brought down power (I don’t), it is somewhat alarming as a proof of concept. But in reality, that concept was already proved by Stuxnet and by the attack on a German steel mill at the end of 2014.

I’m more interested in the discrepancy of coverage between this and the physical sabotage of power lines going into Crimea in November.

A state of emergency was declared after four pylons that transmit power to Crimea were blown up on Friday and Saturday night. Russia’s energy ministry scrambled to restore electricity to cities using generators, but the majority of people on the peninsula remained powerless on Saturday night.

Cable and mobile internet stopped working, though there was still mobile phone coverage, and water supplies to high-rise buildings halted.

[snip]

On Saturday, the pylons were the scene of violent clashes between activists from the Right Sector nationalist movement and paramilitary police, Ukrainian media reported. Ukrainian nationalists have long been agitating for an energy blockade of Crimea to exert pressure on the former Ukrainian territory.

There was even less attention to a smaller attack just before the New Year. (h/t joanneleon, who alerted me to it)

Officials said concrete pylons supporting power lines near the village of Bohdanivka, in southern Ukraine’s Kherson region, were damaged on Wednesday night.

“According to preliminary conclusions of experts… the pylon was damaged in an explosion,” a statement from police said on Thursday.

[snip]

Crimean Tatar activist Lenur Islyamov suggested that strong winds might have brought down the pylon and denied that Tatar activists had been behind the latest power cut.

While the physical attack did get coverage, there seemed to be little concern about the implications of an attack aimed at undercutting Russian control of the peninsula. Here, by contrast, the attack is treated as illegitimate and as a purported new line in the sand.

I get why this is the case (though the press ought to rethink their bias in reporting it this way). After all, when our allies engage in sabotage we don’t consider it as such.

But the US is just as vulnerable to physical sabotage as to cyber sabotage, as the apparently still unsolved April 16, 2013 attack on a PG&E substation in Silicon Valley demonstrated. And as the case of Crimea shows, physical sabotage can be more debilitating. We should really be cautious about what we treat as normatively acceptable.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. omphaloscepsis says:

    For those who can’t get past the WSJ paywall. Wikipedia offers a concise summary of the 2013 PG&E incident:

    https://en.wikipedia.org/wiki/Metcalf_sniper_attack

    An FBI agent weighs in a year and a half later:

    http://www.sfgate.com/business/article/FBI-Attack-on-PG-amp-E-substation-in-13-wasn-t-5746785.php

    “‘We don’t think this was a sophisticated attack,’ said John Lightfoot, who manages the FBI’s counterterrorism efforts in the Bay Area. ‘It doesn’t take a very high degree of training or access to technology to carry out this attack.’”

    “The attack was clearly planned, Lightfoot said, but it wasn’t difficult to execute. Whoever did it only had to lift the vault covers, use wire cutters to sever the cables, and fire a rifle.

    ‘Not very sophisticated stuff, in our minds,’ Lightfoot said. The attack also didn’t require a team, he said. The bureau ran a re-creation in July to test whether the entire operation could have been carried out by one person.

    ‘The answer, which surprised me, was yes, one guy could do this, in the time frame we know this happened,’ Lightfoot said. And the gunshots, their flash captured on a security camera video, show only one rifle firing at a time.

    ‘That indicates to us that there was only one shooter,’ Lightfoot said. ‘Doesn’t mean there was only one person there, but there was only one shooter.’”

    Guidelines for protecting the US power grid from physical and cyber attacks:

    http://www.nerc.com/comm/CIPC/Pages/default.aspx

  2. haarmeyer says:

    The Merc has been covering this right along, so I guess here I didn’t know it was an ignored story. PG&E is more mired in controversy over San Bruno than this, so that’s part of why the emphasis has been elsewhere. From here, there are skiddy eight million possible motives for the attack, some of which are political, and some of which are not (e.g. the place is pretty much down the street from the Metcalf Shooting Range so somebody could have just wanted to see if they could do it). AT&T suffered the biggest loss, but the power plant was much more associated with Cisco Systems when it was proposed and built, although the dotcom bust ended that relationship.

    • martin says:

      quote”Western Ukraine power company Prykarpattyaoblenergo reported an outage on Dec. 23, saying the area affected included regional capital Ivano-Frankivsk.”unquote

      Ha…bet you can’t say “Prykarpattyaoblenergo” three times in a row. :)

      On a more serious note, power grids can be fixed. I’d be much more worried about a domino effect by virtue of series of dams, like in the Sierra Nevada, that feed rivers in the Sacramento Valley in California, that are all controlled by the Department of Reclamation from one central facility. Of course, right now they’re virtually empty, but given El Nino is currently on track with a series of storms that should create floods that eventually drain into the rivers that feed the reservoirs controlled by dams. Should hackers ever open all those dams, it would create a flood scenario of biblical proportions.

      Of course, that view only stems from my own experiences living through a couple of natural floods on the Sacramento river. And the dams were working. If they all were opened at the same time? Holy fuck.

  3. emptywheel says:

    One thing I have perennially returned to is how the obsession with cyber ignores how vulnerable the physical critical infrastructure of the same CI companies is. PG&E was the poster child for that until the methane leak in SoCal. Point being that the big NatSec punditry is far more worried about things that might prevent or thwart a cyber attack than things that might limit the damage of attacks on both physical and network infrastructure.

    • scribe says:

      As to the cascade of dam failures and the downstream effects, feel free to look up “Roer River Dams” in a good history of the last year of WWII in western Europe. In short, in early 45 the Germans deliberately bolluxed a chain of their own dams on the Roer River, a tributary of the Rhine on its western side, creating a raging torrent condition in that river that precluded Allied bridging efforts for weeks. Note that they didn’t demolish the dams but rather opened the gates and, IIRC, welded them in place, all after calculating the maximum-longest duration flow they could generate.

      As to which hack took down power grids first, you know my opinion and the basis therefor. “Earlier than most people think” is all I’ll say.

      As to why no one gives a hoot on physical infrastructure as opposed to cyber, “because there’s lots of money to be made rebuilding it after it’s wrecked”. Duh.

  4. Evangelista says:

    There is a counterpoint in the Ukraine power interruption world, reported by RT, or one such, in which Ukraine national policy, corruption, debt manipulation and oligarchic resource and economic diversion produced a zero-pressure condition in one end of a gas line in an area near to Crimea, with temperatures extremely low. The local officials, unable to get relief via Ukraine, appealed to Russia, who enacted an emergency diversion to send Crimean gas to the area.

    A capital PR maneuver, especially with the generous and concerned Crimean Peninsula being at the same time subject to deliberately inflicted electric power shortages.
