Crash Override Chronicles: Victim

Victim Sites & Technology

So all of those things were terms or bits about generalized grid operations. What about the actual victim in this case? What was the equipment affected? Where was it?

Ukrenergo

According to Reuters:

Kovalchuk said the outage amounted to 200 megawatts of capacity, equivalent to about a fifth of the capital’s energy consumption at night.

There’s an interesting piece of data. 1/5 night capacity means one gigawatt (1000 megawatts) of total consumption at night. This got me wondering what the usual ratio of night vs day consumption is. A little Googling got me to eia.gov’s article Demand for energy changes through the day. I’m doing some loose math but:

10.1 GW (🇺🇸 Lowest Night Demand) / 15.3 GW (🇺🇸 Peak Demand) * 1 GW (🇺🇦 Low Demand) = 1.53 GW (🇺🇦 Peak Demand)

Is all that important? I don’t know, but I did the math, and there’s nothing wrong with demonstrating basic algebra skills. Mostly it’s useful for understanding scale.

Notification

The folks from 

Vsevolod Kovalchuk (www.facebook.com): _This night at the “Pivnichna” substation there was a failure in the control automation. As a result, at midnight there were disconnections…_

This night at the substation “Severnaya” there was a malfunction in the control automatics.
As a result, at midnight there were disconnections of consumers from the northern part of the right bank of Kyiv and the surrounding districts of the Kyiv region. Our specialists quickly transferred the equipment to manual control mode and in 30 minutes they began to restore the power supply. Within an hour, the feed was fully restored to fifteen minutes.
We clarify the circumstances, the commission is already working. While the main version is external interference through data networks. Our cybersecurity experts promise to report in the near future.
We apologize to all those who stayed without electricity this night due to these events. Do not blame “Kyivenergo”, this time they are not guilty.

Timeline

I tend to think about two different representations of an attack at the same time: The Graph & The Timeline. They serve two very different purposes as well as working together.

Electrum Timeline — Victim (docs.google.com)

Threat Hunting Part 1: Improving Through Hunting (dragos.com)

Dragos Threat Hunting on ICS Networks - Part 2, by Dan Gunter, October 3, 2017 (dragos.com)

Exported from Medium on January 31, 2019.