Cisco has proactively shipped modified switches to Ukrenergo, the state-owned electricity grid operator in Ukraine, to bolster its defenses against Russian cyberattacks targeting energy infrastructure. These attacks have included the use of GPS-jamming tactics, which disrupt the high-voltage energy subsystems crucial for power distribution and damage assessment.
The reliance of Ukraine’s substations on GPS for time synchronization, a standard in industrial control systems for its accuracy and affordability, becomes a vulnerability when faced with such jamming. Disruptions in GPS signals hamper the synchronization of electricity subsystems, affecting the grid’s operational status reporting and hindering the identification of issues like line breaks.
Cisco’s response involved shipping a large order of modified equipment, specifically designed to maintain accurate time even under radio jamming conditions. This solution employs the Cisco Industrial Ethernet switch with an internal crystal oscillator, enabling new clock recovery algorithms for accurate timekeeping when GPS is unavailable.
These modified versions of the Cisco Industrial Ethernet 5000 series switches, tested and stress-tested in Cisco’s Austin, Texas lab, were sent to Ukrenergo. The project, which cost around $1 million, was supported by the Pentagon, the U.S. Department of Energy, and the Department of Commerce in terms of logistics and coordination. Cisco provided the equipment free of charge.
Illia Vitiuk, head of cybersecurity for the Ukrainian security service SBU, anticipates continued cyberattacks through the winter, underlining the critical nature of these measures. Cisco ensured that the devices were capable of operating accurately in extreme cold, a crucial factor given Ukraine’s harsh winter conditions.
The inception of this initiative traces back to a February meeting at a Stanford steakhouse, where U.S. and Ukrainian officials, along with Cisco executives, discussed countermeasures against Russian electronic warfare. Joe Marshall, a senior security strategist at Cisco Talos, led the development of this specialized hardware.
Marshall described the development as an “eight-month emotional journey,” highlighting the team’s commitment to supporting Ukraine. Cisco’s expanded involvement with Ukrenergo includes modernizing the grid infrastructure for better European grid synchronization and other support projects, further cementing its role in aiding Ukraine’s resilience against cyber threats.
The situation illustrates the escalating cyber warfare aspect of the Russia-Ukraine conflict, which has seen a series of attacks, including the destructive WhisperGate malware and blackouts induced by the Sandworm cyber unit linked to Russian intelligence.
Sources include: The Register