Ex-spy chief: Ukrainian cyberattack a warning sign for US utilities

Former National Security Agency chief Gen. Michael Hayden warned that a recent malware attack on the Ukrainian power grid is yet another troubling sign that the US electric supply is vulnerable to hackers.

The Dec. 23 attack on utilities serving the Ivano-Frankivsk region of Ukraine appears to be the second confirmed incident of a computer-based attack to damage physical infrastructure. The attack led to blackouts throughout the region for several hours before power was restored. The Stuxnet worm that targeted the Iranian nuclear program is the only other such incident.

What happened in Ukraine is a harbinger for the kinds of cyberthreats the US faces, possibly from rival nations such as Russia and North Korea, the retired Air Force general told a crowd of critical infrastructure experts at the S4x16 security conference in Miami. General Hayden served as director of the NSA from 1999 to 2005 and served as CIA chief from 2006 to 2009.

"There's a darkening sky," he told reporters after his speech Tuesday, referring to the increasing threat of malware infections leading to physical damages. "This is another data point on an arc that we’ve long predicted," he said, acknowledging that the Ukraine attack reinforces concerns in official circles about security of the American power grid.

What's more, he said, if early analysis of malware discovered at the Ukrainian facility that links it to Russia is accurate, the incident foreshadows a troubling uptick in the conflict between Ukraine and Russia over the disputed Crimea region. 

The Department of Homeland Security has acknowledged that a version of the BlackEnergy program linked to the Ukraine attack has been discovered in US facilities. Hayden said that the link was troubling. "If they have a presence on the grid [with BlackEnergy] then they have already achieved what they need to carry out a destructive attack."

Analysis of the malware recovered from the Ukrainian facility conducted by the security firm iSight Partners and SANS Institute revealed that a variant of BlackEnergy, dubbed "BlackEnergy3," was present in the compromised utilities. However, security experts caution that it is premature to conclude that BlackEnergy was actually involved in the outages.

"It is possible but far too early in the technical analysis to state that," wrote Michael Assante, who heads up industrial control system research for SANS. "Simply put, there is still evidence that has yet to be uncovered that may refute the minutia of the specific components of the malware portion of the attack."

Hayden also remarked during his talk Friday on the general state of overall cybersecurity, calling on US lawmakers to pass legislation that will help bolster the nation's digital defenses. 

He also criticized of efforts by FBI Director James Comey, and others in the Obama administration, to weaken strong encryption on consumer devices to make it easier for law enforcement to conduct surveillance operations. "End-to-end encryption is good for America," he said. "I know that it represents challenges for the FBI, but on balance it creates more security for Americans than the alternative – backdoors."

Regarding the recent Office of Personnel Management hack – which US intelligence agencies and cybersecurity expert have blamed on China – Hayden said that as head of the NSA he would have absolutely stolen similar data from the Chinese government if given the opportunity. What's more, he said, he wouldn’t have had to ask permission to carry out the operation. 

"Fundamentally, the limiting factor now is a lack of legal and policy framework to do what we are capable of doing today," Hayden said. "OPM isn’t a bad on China,” he said. “It’s a bad on us."