A U.S. official close to the investigation said the power outage was caused by a sophisticated attack using destructive malware that wrecked computers and wiped out sensitive control systems for parts of the Ukrainian power grid.
For years, U.S. officials have expressed worry about the vulnerability of the U.S. power grid. And the U.S. investigation of the Ukrainian attack has confirmed what until now has been largely theoretical: that cyberwarfare can be used to disable the U.S. power grid. U.S. systems aren't any more protected than those breached in Ukraine, the U.S. official said.
Ukrainian authorities have blamed Russia for the outage, saying it was part of the Russian government's pattern of undeclared war against its neighbor. Almost immediately, investigators found indications of a malware called BlackEnergy.
The U.S. sent experts from the Energy and Homeland Security departments, as well as the FBI, to assist the Ukrainians in their investigation.
What the U.S. investigators found was an unprecedented cyberwarfare attack, the U.S. official told CNN.
A sophisticated team of hackers coordinated attacks at the same time against six power providers, the U.S. official said.
The attack was so severe that it knocked out internal systems intended to help the power companies restore power. Computers were destroyed, and even the call centers used to report outages were knocked out.
The question of who carried out the attack is still unanswered.
The BlackEnergy malware has origins in Russia, but the U.S. isn't ready to attribute the attack to the Russian government.
But the attack raises important and alarming questions for the U.S. The same malware has been found in U.S. industrial systems.
In a statement, Homeland Security spokesman S.Y. Lee said the incident in Ukraine "remains the subject of an ongoing investigation."
He added that the department, along with the Energy Department, "work with the electric sub-sector to help them understand risks associated with malicious cyber activity, physical attacks, and/or other hazards. We do this by efficient information sharing, assessments of critical assets, and joint planning and exercises."