Russia was behind a December cyber attack on Ukraine’s power grid that caused widespread power outages, a senior Obama administration official said Thursday.
Elizabeth Sherwood-Randall, deputy Energy Secretary, made the comments to a gathering of electric power grid industry executives, according to an U.S. official familiar with her presentation.
Her comments contrast with the view of other top U.S. intelligence and security officials who say the evidence isn’t conclusive enough and that the U.S. government isn’t ready to attribute the cyber attack to the Russian government. Other officials who spoke at the Thursday briefing stopped short of Sherwood-Randall’s definitive assessment.
A spokeswoman for Sherwood-Randall said she couldn’t provide details of the presentation or discuss the highly sensitive information provided. The spokeswoman declined further comment.
U.S. intelligence and national security officials have closely followed the investigation of the Ukrainian grid attack, because they say it represents a first-of-its-kind confirmed cyber-warfare attack affecting civilians. The attack also raised major concerns because the U.S. power grid and other major industrial facilities have many of the same vulnerabilities that were exploited in the Ukraine attack, U.S. officials say.
The briefing Thursday was done to provide the power grid industry with the findings of a U.S. team that visited Ukraine to investigate the grid attack that cut power to 103 cities and towns.
Sherwood Randall’s presentation included video that captured parts of the cyber attack as it happened on computer screens monitoring the Ukrainian grid, the official said.
The U.S. team that conducted the Ukraine investigation included experts from the U.S. departments of Energy, State, Homeland Security and the FBI. They found for the first time conclusive evidence that a cyber attack caused the blackout, U.S. officials briefed on the probe said.
The attack involved a team of sophisticated hackers who attacked six different power companies at the same time, according to the U.S. officials. Destructive malware wrecked computers and wiped out sensitive control systems for parts of the Ukraine power grid, making it more difficult for technicians to restore power.
Ukrainian officials have publicly blamed Russia for the attack on the power grid. In the weeks after the attack, officials said suspicion centered on a version of the malware known as BlackEnergy, which has origins in Russia and has been widespread in industrial systems.
But the U.S. government and private sector investigators don’t believe BlackEnergy was the malware that caused the damage. Instead, they cite other more destructive malicious software.