"There's already some evidence that a new attack could be in the works. Robert Lee, the CEO and founder of the industrial-cybersecurity firm Dragos and a leader in analyzing both Ukraine grid attacks, says that in recent weeks he has observed an unusual spike in activity in Ukraine by the group of developers who engineered the malware used in the 2016 attack," The Atlantic wrote in the article titled "Will Ukraine Be Hit by yet Another Holiday Power-Grid Hack?" published on December 13.
Before the middle of November, Dragos had registered very little activity in Ukraine by the group since last year's attack, Lee says. "In our assessment, it would be completely reasonable to execute an attack this month," he warned.
It's possible that this spike in activity could be reconnaissance, preparation for a later operation, or simply intended to create fear of a forthcoming hack. Michael Assante, the director of industrials and infrastructure at the cybersecurity-focused SANS Institute, and a lead investigator of the 2015 attack, said that, given the continuous and sustained access campaigns in the Ukraine—which have occurred against the backdrop of the clash in Eastern Ukraine that resulted from Russia's annexation of Crimea in 2014—it is unclear if an attack is being readied. "The attackers could launch an attack if they believed an attack served a purpose and felt that the risk of being foiled was low enough to proceed," he said.
Now, American officials are on the lookout for any features of a 2017 attack in Ukraine that could spell trouble if a nation-state were to focus their efforts on the high-risk target of the United States—perhaps in case of a war, when the norm against attacking infrastructure slackens.
Indeed, past attacks on Ukraine have informed officials' understanding of the national-security threats to the United States. For more than a decade leading up to the 2015 Ukraine attack, officials and diplomats had discussed the possibility of an attack on infrastructure, according to Chris Painter, who led the State Department's international cyber-policy and diplomacy efforts from 2011 until this fall. "This is not a new thing on our radar, but we've actually seen it coming of age and happening, which has raised the alarm bells," he said, characterizing such an attack on the United States as a low-probability but high-impact event. "We are in a new era where we will see more of these. It has gone from theoretical to more doable and practical."
But watching the Ukrainian grid is of particular interest in the United States, because past attacks may well have been for purposes of signaling, according to Chris Inglis, who served as the deputy director of the National Security Agency from 2006 to 2014. "[They were] done visibly and in a venue where the United States couldn't react," he said.
"What worries me most about Russia is not its technology, but its audacity and their willingness to cross the line," said Inglis. "They have proved themselves willing to do things that cross every definition of red line."
Still, the capabilities deployed against Ukraine only mean so much for the United States. The U.S. power grid belongs to a diverse set of mostly private-sector owners, and much of it is heavily regulated. It would be more difficult to attack a grid of this complexity. At the same time, the U.S. grid is more digitally dependent. Where Ukraine was able to restore power within hours by reverting to analog operations, a heavy reliance on automation in the United States limits this recovery option. "I'd be concerned if, on the receiving side, we make the mistake of digitizing too much," Inglis said. "The benefit of a manual backup showed itself [in Ukraine] as a feature as opposed to a piece of legacy. Right now, in the United States, there are some places with manual capabilities and others where there aren't."
A cyberattack on the U.S. grid would almost certainly require the backing and resources of a nation-state. Researchers have connected the hackers responsible to the Russian government, though Russia has denied allegations of hacking in Ukraine.