(Adds researcher comments)
By Pavel Polityuk
KIEV Dec 20 Ukraine is investigating a
suspected cyber attack on Kiev's power grid at the weekend, the
latest in a series of strikes on its energy and financial
infrastructure, the head of the state-run power distributor said
Vsevolod Kovalchuk, acting chief director of Ukrenergo, told
Reuters that a power distribution station near Kiev unexpectedly
switched off early on Sunday, leaving the northern part of the
capital without electricity.
A Ukrainian security chief said last week that Ukraine
needed to beef up its cyber defences, citing a spate of attacks
on government websites that he said originated in Russia.
Kovalchuk said the outage amounted to 200 megawatts of
capacity, equivalent to about a fifth of the capital's energy
consumption at night.
"That is a lot. This kind of blackout is very, very rare,"
Kovalchuk told Reuters by phone.
He said there were only two possible explanations for the
accident: either a hardware failure or external interference.
The company's IT specialists had found transmission data
that had not been included in standard protocols, suggesting
that external interference was the likeliest scenario.
Over the past month, Ukraine's finance and defence
ministries and the state treasury have said their websites had
been temporarily downed by attacks aimed at disrupting their
Kovalchuk said Ukraine's state security service had joined
the investigation. "There are no final conclusions yet about
what it was, but experts say that this was something new and
they have not encountered this before," Kovalchuk said.
Last December, another Ukrainian regional power company
Prykarpattyaoblenergo reported an outage, saying the area
affected included the regional capital Ivano-Frankivsk.
Ukraine's state security service blamed Russia.
Experts widely described that incident as the first known
power outage caused by a cyber attack. The U.S. cyber firm
iSight Partners identified the perpetrator as a Russian hacking
group known as "Sandworm."
"The purpose of this Ukraine attack: Two options. Either
it's a show of power. Prove to the people of Ukraine that your
government cannot protect you," Mikko Hypponen, Chief Research
Officer at F-Secure, told Reuters.
The other option is that there was something else happening
at the same time and they needed this to be their cover or
somehow to assist another operation to succeed as a result of
the power outage, he added.
He said that during this year the cyber capabilities of the
Russian government have done nothing but increase and we are
seeing the beginnings of a new arms race, in both military and
"We are tracking several different, separate attack
campaigns which we link back to different Russian intelligence
agencies, and the targets are typically not just for sabotage,
but for espionage," he said.
"The vast majority of government attacks that we attributed
to the Russian government are not about sabotage or disruption
but about collecting intelligence and spying on foreign computer
networks, and that has been increasing."
(additional reporting by Oleg Vukmanovic in Milan, Editing by
Matthias Williams and Ralph Boulton)