BOSTON (Reuters) - A quasi-governmental U.S. electric industry group last week advised members to review network defenses following reports that 80,000 customers of a Western Ukraine utility lost power for six hours following a cyber attack.
The Electricity Information Sharing and Analysis Center, or E-ISAC, urged members to “do a better job” at implementing multiple layers of defense against potential cyber attacks, saying the incident at Ukraine’s Prykarpattyaoblenergo electricity provider appeared to be the result of a “coordinated effort by a malicious actor.”
The nine-page confidential document, reviewed by Reuters, did not identify deficiencies in the U.S. grid that could lead to similar attacks.
Security experts said businesses in many sectors were closely following the Ukraine incident because it was a watershed event: the first known cyber attack to take down an electric grid. It was also one of just a handful of known cyber attacks that have damaged any kind of physical infrastructure.
Kimberly Mielcarek, a spokeswoman for E-ISAC, said that the organization would continue to provide more data as it pursued an investigation with help of the federal government.
“There is no credible evidence that the incident could affect North American grid operations and no plans to modify existing regulations or guidance based on this incident,” she said in an emailed statement.
Prykarpattyaoblenergo reported an outage on Dec. 23. Ukraine’s SBU state security service blamed Russia and the energy ministry set up a commission to investigate. A ministry spokesman said on Wednesday that the results will not be released until after Jan. 18.
The Kremlin has not responded to requests for comment.
The U.S. Central Intelligence Agency, Department of Homeland Security, Federal Bureau of Investigation and White House National Security Council all declined to comment on efforts to probe the incident.
The E-ISAC report identified systems integrator Galician Computer Co as having worked for Prykarpattyaoblenergo and two other utilities that were reported to have been targeted in the attack but did not experience outages: Chernivtsioblenergo and Kyivoblenergo.
“The integrator is the single point of connection between various regional electrical entities in the Ukraine that were exposed to this attack,” the report said.
Galician Computer Co told Reuters via email that it had provided software to only one of the three firms and was not involved in running any of the plants.
“According to reports from employees at that regional power firm, attacks were definitely carried out and led to blackouts,” the statement said. “We do not have any other information regarding this incident.”
Reporting by Jim Finkle; Additional reporting by Pavel Polityuk, Eric Auchard and Dustin Volz; Editing by Jonathan Weber and Tom Brown