A bug in the grid: about an incident with Israel Electric Authority

In late January, news slipped out regarding a very disquieting incident in Israel: The country’s Electric Authority – an agency in charge of regulating and overseeing the distribution of electricity in Israel – had to mitigate what officials there called a “severe cyber attack.”

The details of the incident are hazy, but apparently this was either a virus or (more probably) ransomware. That implies the attack was not targeted, although it had sensitive consequences nevertheless: temperatures all across Israel rapidly plunged.

Israeli officials later said it was “just unbelievable” that the Electric Authority’s computers had not been properly secured.

Why not?

Is it truly unbelievable? Many governmental entities over the last few years have been subject to various forms of cyberattack, ranging from DDoS (in late January a number of government websites in Ireland came under heavy attack) to sophisticated intrusions like the one that targeted the Australian Bureau of Meteorology last December; its systems have links to the Department of Defense network, which is the most probable reason for the attack.

In other words, a cyberattack on a nation’s civilian and critical infrastructure is something long feared and entirely possible. Late last year, an attack hit the Western Ukrainian power company Prykarpattyaoblenergo, leaving hundreds of thousands of residents in the Ivano-Frankivsk region in the dark. According to Threatpost, attackers peddling BlackEnergy malware have shown an affinity for targeting power facilities, generation operators and power sites in the past, and are believed to have had a hand in the attack. BlackEnergy was recently covered on Kaspersky Business, along with a description of mitigation methods.

All of these stories reveal one not-so-simple thing: critical infrastructure in various countries may become, and has become, a target for cyberattacks, and the attacks need not be excessively sophisticated to have at least some degree of success.

Any possible scenario

The scantness of detail regarding Israel’s incident makes it impossible to judge exactly what happened, but it is known that last summer the Israeli National Cyber Defense Authority warned that the State could be targeted by cyberattacks and that security officials should “prepare for any possible scenario.”

This recommendation can be offered to any country in the world today with a developed IT infrastructure. Being prepared usually means having the appropriate tools and techniques ready to repel intruders: a multilayered system combining administrative, OS and network-based measures, as well as specialized technological measures addressing the individual layers of your IT infrastructure. While that article covers countering the BlackEnergy attacks specifically, its final part contains some very versatile recipes for securing important data and infrastructure from today’s cyberthreats.