Ukraine investigates possible cyberattack on power grid in Kiev

Ukraine authorities are investigating a possible cyberattack on Kiev's power grid that may have caused the recent power outage that left the northern part of the capital and surrounding areas without electricity this weekend. Vsevolod Kovalchuk, acting chief of national energy provider Ukrenergo, told Reuters on Tuesday (20 December) that a power distribution station near the Ukrainian capital went dark on Sunday.

In a Facebook post on Sunday, Kovalchuk said Ukrenergo engineers quickly switched to manual mode and started restoring power within 30 minutes. He noted that full power was restored to the affected areas in about an hour and fifteen minutes.

He said one suspected cause was an "external interference through the data network", adding that the company's cybersecurity team was investigating the cause of the outage and will release more information soon. However, IT specialists at Ukrenergo found transmission data that had not been included in standard protocols, meaning external interference was a more likely possibility.

Kovalchuk told Reuters that the outage amounted to 200 megawatts of capacity which is equivalent to around one-fifth of Kiev's energy consumption at night.

"That is a lot," Kovalchuk said. "This kind of blackout is very, very rare."

Ukraine's state security service has also joined the ongoing investigation, he said.

"There are no final conclusions yet about what it was, but experts say that this was something new and they have not encountered this before," Kovalchuk said.

If confirmed, this cyberattack would be the second one targeting Ukraine's energy infrastructure to disrupt power in the European nation. In December 2015, Ukraine's power grid was targeted in a massive cyberattack that left 225,000 residents of western Ukraine temporarily without electricity.

The unprecedented attack sparked serious concerns among security experts and officials that the incident might inspire other "opportunistic hackers" to target critical national infrastructure with malicious cyberattacks.

Earlier this year, US security firm iSight Partners named a Russian hacker group called "Sandworm" as the cybercriminals behind the attack. Ukraine's energy ministry said hackers carried out the attack using a Russian-based internet service to flood the power distribution companies' call centres with fake phone calls.

Last week, the secretary of Ukraine's National Security and Defence Council, Oleksander Turchynov, said the country needed to boost its cyber defences following the slew of recent cyberattacks targeting the country's government websites that he said came from Russia.

Ukraine's financial institutions, defence ministries as well as the state treasury have reported that their websites were knocked offline by cyberattacks that aimed to disrupt operations over the past month. Ukraine's finance ministry said it was a "coordinated professional hacking attack".

Moreno Carullo, co-founder and chief technical officer at Nozomi Networks, told IBTimes UK that "if this does prove to be another cyberattack on the Ukrainian grid, it sets an uncomfortable precedent that similar attacks may occur annually at this time of year".