I don't know who this Zach Flom guy is, but research like this is what the world needs. Forward thinking cyber awareness is key in the coming years. Good to see someone has their efforts pointed in the right direction.
Fresh research has shed new light on the devious and unprecedented cyber-attack against Ukraine's power grid in December 2015. A former intelligence analyst has warned that launching similar attacks is within the capabilities of criminals, or perhaps even hacktivist groups, since most of the key components are readily …
That's a different topic. Lines to Crimea were blown up by old-fashioned explosives. No IT/DevOops angle to be found there. Whereas this incident has all the right stuff - cyber mumble and lots of blameshifting.
"The 23 December outage at Ukraine's Prykarpattya Oblenergo and Kyivoblenergo utilities cut power to 80,000 customers for six hours and has been blamed on Moscow by the nation's security service."
"After analysing the information that has been made available by affected power companies, researchers, and the media it is clear that cyber attacks were directly responsible for power outages in Ukraine,"
Where are the affected remotely operated breakers? In a country with such an archaic electrical supply infrastructure, it seems unlikely that any of it would be modern enough to be hacked.
Coincidentally, they had limited coal supplies and problems with their nuclear power stations.
"using Windows boxes to control their infrastructure. Are they mad?"
Yes, they do, just like BP, à la Deep Horizon.
These companies have been using Windows to roll out their SCADA systems for decades, even though it is not necessary, is unreliable, and is bloatware in comparison to more open systems. Not just XP, but 2000, ME, 98, 95, 3.x, even 16-bit versions! They only used what they could support. However, they don't support it; only when it breaks do they fix it. That is not support; it is closer to negligence than maintenance.
In the past these systems never used to break because they weren't connected to the networks (a reboot would always do). But now they are (increasingly) networked. Amazingly, some do not get replaced because the software is too brittle and/or old for them to replace, so they just install TCP/IP and Windows Networking so that the 'remote monitoring' or control project can be signed off as complete.
There are very few auditors, let alone SecOps employed to check systems running on oil rigs, power distribution networks and other 'industrial backwaters'.
Perhaps we should donate all the old Win7 machines we can find, and protect the planet from their capital equipment budgets!