Class 643 Week 6

Class 643 Week 6

Class 643 Week 6

Author’s Name

Institutional Affiliation

Class 643 Week 6

The differences between the 2015 cyber-attack on the Ukrainian electricity grid and the 2003 attack on the United States national electricity grid were so substantial because of the source or cause of the attack and the length of days the attack took. While the U.S. attack came from an unprecedented software failure or a software-based blackout bug within General Electric’s system (Poulsen, 2004; Wald, 2013), the Ukrainian attack emanated from perfectly synchronized, highly coordinated, and brilliantly executed multisite and multistage cyber-attack (Liang et al., 2016; Sullivan & Kamensky, 2017). Also, while the Ukrainian attack lasted only for about 6 hours, the American attack lasted for two weeks (14 days), making the impacts more profound than in Ukraine. While insider data security threats could have an equal impact as outsider data security threats, I think that we do perceive external attacks differently than a lack of proper internal controls. Most people feel that external attackers who can access data via keyloggers (as in the case of Ukraine) pose a greater threat than internal players who can directly access and compromise data for personal gains.

From a critical stance, I think that the vector of attack or the threat is of particular consequence. This is because the vector of attack relates to the variants of malware used to steal authorized users’ credentials that are then used to exploit vulnerabilities aimed at gaining access to systems and executing the cyber-attack. Similar tactics, techniques, procedures, and methodologies can be deployed to launch massive attacks of unprecedented ramifications, a fact that Sullivan and Kamensky (2017) confirm.

As we move into the future, hackers and cyber attackers will leverage new technologies to develop new and possibly more resilient versions of malware. What this means is that they will find new methods of executing future attacks that have higher rates of destructiveness compared to the methods used in the Ukrainian cyber-attack. The vulnerabilities in the Ukrainian system are still a concern because these new methods will allow attackers to exploit the vulnerabilities faster than defenders can provide remedies for them. So, my recommendation as regards preventing a repeat of such attacks anywhere in the world is an emphasis on international collaboration in rigorous and proactive updating and enforcement of critical infrastructure protection standards facilitated by vigorous independent auditing.

References

Liang, G., Weller, S. R., Zhao, J., Luo, F., & Dong, Z. Y. (2016). The 2015 Ukraine blackout: Implications for false data injection attacks. IEEE Transactions on Power Systems, 32(4), 3317-3318.

Poulsen, K. (2004). Software bug contributed to blackout. Security Focus. Retrieved February 20, 2020, from https://www.securityfocus.com/news/8016.

Sullivan, J. E., & Kamensky, D. (2017). How cyber-attacks in Ukraine show the vulnerability of the US power grid. The Electricity Journal, 30(3), 30-35.

Wald, M. L. (2013). The blackout that exposed the flaws in the grid. The New York. The New York Time Company. Retrieved February 20, 2020, from https://www.nytimes.com/2013/11/11/booming/the-blackout-that-exposed-the-flaws-in-the-grid.html.