Feds: Cyber-Attack On Ukraine Proves US Power Grid Is Vulnerable

Daily Caller News Foundation logo
Andrew Follett Energy and Science Reporter
Font Size:

An electric industry group tied to the American government advised electrical utilities review their cyber defenses, according to a confidential document obtained by Reuters.

The Electricity Information Sharing and Analysis Center urged utilities to “do a better job” at creating multiple layers of defense against potential cyber-attacks, citing a December attack on Ukraine’s power grid that seems to be a “coordinated effort by a malicious actor.” The Ukrainian government has publicly blamed Russia for the attack.

American utilities, which are relatively well-defended compared to Ukraine’s, reported 13 different cyber break-ins between 2011 and 2014. A single one minute of grid downtime can cost up to $15,447, according to analysis.

The Ukraine incident was the first known cyber-attack to take down an electric grid and one of relatively few attacks which damaged physical infrastructure.

A Freedom of Information Act request revealed that hackers successfully infiltrated the Department of Energy’s (DOE) computer system 159 times between 2010 and 2014. The DOE was targeted 1,131 times over the same period. The National Nuclear Security Administration, a sub-agency within the DOE that secures the country’s nuclear weapons, was hit with 19 successful cyberattacks over those four years.

The attack on Ukraine left approximately 700,000 homes without power for several hours on Dec. 23. Ukraine’s state security service is investigating the attack. A spokesperson stated Wednesday that the investigation’s results will not be released until at least Jan. 18.

The attack on Ukraine was probably caused by a well-engineered malware called BlackEnergy, which disconnected electrical substations from the main power grid. A similar malware was used against Ukrainian media organizations during 2015 local elections. The United States Department of Homeland Security twice warned American utilities about that type of malware in December 2014 and again in June 2015.

Infecting industrial systems, such as power grids, with malware is so simple that there are even 5-minute YouTube tutorials on how to do it.

Follow Andrew on Twitter

Send tips to

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact