Israel's electric grid targeted by malware, energy minister says

Israeli Energy Minister discloses attack during keynote at CyberTech 2016 in Tel Aviv

Tel Aviv power plant

Credit: amira_a

Israel's Minister of Infrastructure, Energy and Water, Yuval Steinitz, told CyberTech 2016 attendees on Tuesday that the country's Public Utility Authority had been targeted by malware, and that some systems were still not working properly.

"Yesterday we identified one of the largest cyber attacks that we have experienced," Steinitz said.

"The virus was already identified and the right software was already prepared to neutralize it. We had to paralyze many of the computers of the Israeli electricity authorities. We are handling the situation and I hope that soon, this very serious event will be over."

Steinitz went on to say that the attack was an example "of the sensitivity of infrastructure to cyber-attacks, and the importance of preparing ourselves in order to defend ourselves against such attacks."

"We need cyber tech to prevent such attacks. Cyber-attacks on infrastructure can paralyze power stations and the whole energy supply chain from natural gas, oil, petrol to water systems and can additionally cause fatalities. Terrorist organizations such as Daesh, Hezbollah, Hamas and Al Qaeda have realized that they can cause enormous damage by using cyber to attack nations," Steinitz added.

In comments to local media, a spokeswoman for the Electricity Authority confirmed the attack and that, because of it, some computers have been shut down for at least two days.

However, by Tuesday evening, it was expected that the attack would be sorted out within hours.

The attack couldn't have happened at a worse time; Israel is currently experiencing a harsh winter with extremely low temperatures, which is taxing the power grid.

Steinitz didn't speculate on the source of the attack.

Not long after news of the attack started to spread, Robert M. Lee, the CEO of Dragos Security, published his thoughts on the matter over on the SANS ICS blog.

"Israel has threats that it must consider on a day-to-day basis. Critical infrastructure is constantly the focus of threats as well although there are a lack of validated case-studies to uncover the type of activity much of the community feels is going on in large quantities. However, reports of cyber attacks must be met with caution and demands for proof due to the technical and cultural challenges that face the ICS security community," he wrote.

"Simply put, there is a lack of expertise in the quantity required alongside the type of data needed to validate and assess all of the true attacks on infrastructure while appropriately classifying lesser events. Given the current barriers present in the ICS community the claims of attacks should be watched diligently, taken seriously, but approached with caution and investigated fully."

Update:

A report issued early Wednesday morning suggests that the attack referenced by Steinitz was actually a ransomware attack. If so, then it wasn't something that impacted the power grid directly, as was previously suggested.
