
Ukraine Cyberattack a Warning to U.S. Companies
By Floyd Arthur
On Dec. 23, 2015, hundreds of thousands of homes and businesses in Ukraine lost
electrical power for six hours following what is now being called a well-coordinated,
well-planned cyberattack. Referring to the attack on the power grid as the first of its
kind, SANS Industrial Control Systems described the takedown as a multi-faceted effort
that involved:

remotely switching off breakers to cut the power supply

exploiting malware already in the system to prevent utility company employees from
detecting the outage

flooding phone lines to prevent customers from reporting that the power was out

The malware also damaged the system server, preventing the affected power companies
from quickly restoring service and making investigation more difficult.
Although Ukrainian authorities have yet to release a full report, and questions about the
malicious code used to implement the cyberattack remain, the cybersecurity
firm iSIGHT Partners has attributed it to the Russian hacker group Sandworm. In an
interview with Ars Technica, John Hultquist, head of iSIGHT's cyber espionage
intelligence division, said, "It's the major scenario we've all been concerned about for so
long."

Carmoon Group Ltd. Business Insurance Hempstead New York

U.S. Utility Companies Warned of Cyberattack Dangers

In the wake of the attack, the U.S. power industry's Electrical Information Sharing and
Analysis Center issued a warning to power companies that they needed to review their
cyber-defense systems and do a better job of preventing cyberattacks, according to a
Reuters report. The warning did not identify any critical shortcomings in the U.S. power
grid, nor did it indicate that the group felt there was an imminent danger of a similar
incident on U.S. soil. According to EIS spokesperson, Kimberly Mielcarek, "There is no
credible evidence that the incident could affect North American grid operations and no
plans to modify existing regulations or guidance based on this incident."

Increasing Awareness of Cyberattack Threat


Perhaps the most disturbing aspect of the Ukrainian cyberattack was how easy it was.
According to Robert Lipovský, senior malware researcher at the Ukrainian
software-security firm ESET, "The alarming aspect of this attack was that the infection vector
[for the malware] was phishing, the practice of using email with a malicious attachment
to gain access to a computer, which is quite a trivial way to get in."
In fact, cyber-security firms advise that employee carelessness, such as opening email
attachments from unknown senders or using insecure passwords on private computers
used at work, is one of the biggest threats to a business's cybersecurity. According to
experts who weighed in at a Guardian roundtable last October, another is the failure of
company leadership to understand the threat. "One of the real dangers is that many
leaders don't realise their organisations have become digital," said one participant. "They
probably started their careers when their business was paper-based, and in their minds
that's how the business still works."

Communication and education (at all organizational levels), the group agreed, is the key
to an effective cyber security program, whether the company is protecting customer data
or access to a power grid. The group, which included industry leaders such as Nigel
Harrison, non-executive director of the Cyber Security Challenge UK, Andrew Rogoyski,
vice-president of cybersecurity services at CGI, and Emma Philpott, chief executive at
the IASME Consortium, also urged businesses to:

Encourage all employees to set strong passwords and change them regularly

Update hardware, firmware and software as needed

Regularly patch firewalls

Change the default password on WiFi routers and gateways

Educate leadership and employees about cybersafety

Mandate that employees who use their own devices at work install firewalls and antivirus
software.

All across the globe, cybercriminals are becoming more adept at planning and
implementing cyberattacks, and no business, no matter how small, is immune. A strong
IT security program and educated employees are the best defense against hackers, but
having cyber liability insurance to protect your firm is important as well. Find out more
about this essential form of coverage by contacting one of our business insurance
experts today. Call us at 516-292-3780 Monday through Friday 9 a.m. to 6 p.m.,
or request a free consultation online now.
