For some time, security experts have warned that critical services – for example, electricity and water supplies – can be attacked through cyberspace. The assumption is that such action requires sophisticated capabilities in cyber intelligence, technology, and operations, and possession of such capabilities is usually attributed to countries that have invested heavily in their development. Until now, even if in possession of such capabilities, most countries have shown restraint in using cyber tools to materially disrupt essential services and critical infrastructure in enemy countries. Events in Ukraine, however, call into question whether this assumption of restraint is still valid.
On December 23, 2015, malfunctions were reported in portions of the electrical network in western Ukraine, after the operations of 27 distribution stations and three power plants were disrupted, causing the electricity supply system to crash. Many homes were cut off from the network. This was not a routine power outage: the Ukrainian authorities believe that a cyber attack originating in Russia caused the malfunction, and the Security Service of Ukraine (SBU) has blamed Russia specifically for the power outages.
It is difficult to prove with certainty who was behind the attack, but presumably the relevant authorities in Ukraine, with the help of Western agencies, will ultimately uncover the attacker’s identity. The Ministry of Energy in Kiev has appointed a committee to investigate the affair. Thus far, assessments concerning the party responsible for the attack are based on forensic examinations carried out on the damaged computers, which indicate that components in them were previously used by Russian groups. Furthermore, not surprisingly, the technological capabilities point to a Russian element.