(Adds researcher comments)
By Pavel Polityuk
KIEV, Dec 20 (Reuters) - Ukraine is investigating a suspected cyber attack on Kiev’s power grid at the weekend, the latest in a series of strikes on its energy and financial infrastructure, the head of the state-run power distributor said on Tuesday.
Vsevolod Kovalchuk, acting chief director of Ukrenergo, told Reuters that a power distribution station near Kiev unexpectedly switched off early on Sunday, leaving the northern part of the capital without electricity.
A Ukrainian security chief said last week that Ukraine needed to beef up its cyber defences, citing a spate of attacks on government websites that he said originated in Russia.
Kovalchuk said the outage amounted to 200 megawatts of capacity, equivalent to about a fifth of the capital’s energy consumption at night.
“That is a lot. This kind of blackout is very, very rare,” Kovalchuk told Reuters by phone.
He said there were only two possible explanations for the accident: either a hardware failure or external interference.
The company’s IT specialists had found transmission data that had not been included in standard protocols, suggesting that external interference was the likeliest scenario.
Over the past month, Ukraine’s finance and defence ministries and the state treasury have said their websites had been temporarily downed by attacks aimed at disrupting their operations.
Kovalchuk said Ukraine’s state security service had joined the investigation. “There are no final conclusions yet about what it was, but experts say that this was something new and they have not encountered this before,” Kovalchuk said.
Last December, another Ukrainian regional power company Prykarpattyaoblenergo reported an outage, saying the area affected included the regional capital Ivano-Frankivsk. Ukraine’s state security service blamed Russia.
Experts widely described that incident as the first known power outage caused by a cyber attack. The U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as “Sandworm.”
“The purpose of this Ukraine attack: Two options. Either it’s a show of power. Prove to the people of Ukraine that your government cannot protect you,” Mikko Hypponen, Chief Research Officer at F-Secure, told Reuters.
The other option is that there was something else happening at the same time and they needed this to be their cover or somehow to assist another operation to succeed as a result of the power outage, he added.
He said that during this year the cyber capabilities of the Russian government have done nothing but increase and we are seeing the beginnings of a new arms race, in both military and cyber activities.
“We are tracking several different, separate attack campaigns which we link back to different Russian intelligence agencies, and the targets are typically not just for sabotage, but for espionage,” he said.
“The vast majority of government attacks that we attributed to the Russian government are not about sabotage or disruption but about collecting intelligence and spying on foreign computer networks, and that has been increasing.” (additional reporting by Oleg Vukmanovic in Milan, Editing by Matthias Williams and Ralph Boulton)