Cisco whips up modded switch to secure Ukraine grid against Russian cyberattacks

GPS-jamming tactics were doing much more than simply scrambling missile guidance systems


Cisco says it has shipped modified switches to Ukrenergo, Ukraine's state-owned electricity grid operator, to help it withstand Russian cyberattacks aiming to disrupt energy infrastructure.

Russia has been observed using GPS-jamming tactics to interfere with Ukraine's high-voltage energy subsystems, many of which have been destroyed by drones and missiles during the ongoing conflict. When these radios are jammed, grid operators face difficulties in damage assessment and power balancing.

Ukraine's substations rely on GPS for time synchronization, Cisco told The Register, and the technology is often relied upon in industrial control systems due to its accuracy and affordability.

Russia's jamming activity is primarily carried out to interfere with missile guidance systems, but a knock-on effect is disruption to grid operators.

When GPS signals are jammed, electricity subsystems can't synchronize time and therefore can't accurately report the status of the grid to power dispatchers.

This can leave operators unable to trace the exact location of an issue such as a line break, which slows repair efforts, and unable to balance power delivery across the grid during an attack on a substation.

Time synchronization issues can be solved by the use of atomic clocks, which monitor the highly reliable resonant frequency of atoms, but these are a more expensive solution, especially for a country nearly two years deep into a war.

Cisco responded by sending a large order of modified equipment to Ukrenergo designed to supply accurate time even when Russia uses its radio jammers.

"Our team set out to devise a solution using our own technology," a Cisco spokesperson said. "Using the Cisco Industrial Ethernet switch with its internal crystal oscillator we were able to create new, enhanced clock recovery algorithms and modified the switch code to provide an accurate time holdover when GPS was unavailable."

Cisco sent Ukrenergo modified versions of its Industrial Ethernet 5000 series of network switches after stress-testing the equipment in its lab in Austin, Texas.

The equipment cost around $1 million to create and import, according to CNN, which first reported the story, but Cisco shipped it free of charge.

The Pentagon arranged the flights to get the package into Ukraine via the US Air Force, the Department of Energy handled the delivery logistics, and the Department of Commerce arranged meetings between US tech experts and Ukrenergo.

Illia Vitiuk, head of cybersecurity for the Ukrainian security service SBU, told the media multinational that the country expects cyberattacks to continue throughout the winter.

Cisco said its devices were tested to operate and provide accurate time reliably in adverse temperature conditions. Temperatures in Ukraine's coldest months can reach lows of -20°C/-4°F, according to the WHO.

"We developed our clock recovery algorithm in Austin and were able to test them successfully in Ukraine with the equipment stack they are designed to support."

Russia hammers Ukraine's infrastructure

From the day the war started in 2022, Russia made its intentions clear that a kinetic conflict with Ukraine would also be fought in cyberspace.

At the time it was widely pegged as the first war in history to be fought truly on the ground and virtually at the same time.

Russia started with a series of destructive wiper attacks using the WhisperGate malware, targeting a flurry of Ukrainian public and private sector networks.

Infamously, one of these spilled over and led to the major outage at satellite broadband provider Viasat – the effects of which were felt beyond Ukraine's borders.

The attack was attributed to Russia months later, despite most in the infosec community having a decent idea about who was behind it.

The online attacks on critical infrastructure didn't stop there. Last year a coordinated targeting of Ukraine's power plants by attackers linked to Sandworm, the offensive cyber unit inside Russia's intelligence agency, led to blackouts across the country.

Experts at the time were reluctant to define a link between these attacks and Russian missile activity, though it was noted that the cyberattack-induced blackouts overlapped with kinetic activity.

There have been myriad other attacks conducted against various organizations providing critical services to Ukraine. The Cyber Peace Institute tracks various cyberattacks targeting nations and summarizes them on its platform.

Cisco's initial meeting

A February meeting at a Stanford steakhouse was the catalyst for Cisco's decision to develop hardware to counter Russian jamming efforts, according to CNN's sources.

At the meeting were officials from the US and Ukraine, as well as Cisco executives, including Joe Marshall, senior security strategist, ICS, at Cisco Talos, who was the one that got to work on devising a solution.

After brushing up on electronic warfare, he and a team of engineers began work on kitting out its industrial switches for the needs of Ukraine's electricity grid. The team produced a few models to see if they worked, and when tests from inside Ukraine proved successful, Cisco ramped up production. They are now deployed throughout the country.

Responding to the story becoming public, Marshall said via X: "It's been an eight-month emotional journey, with a wonderful team who care about Ukraine and helping to save lives. I had instant buy-in from everyone, and something special happened to get this done."

Closer ties

Cisco has operated within Ukraine for years as a business but in June it agreed a deal to work more closely with Ukrenergo, beyond supplying the custom switches.

The pilot project will see the company support Ukrenergo in a number of ways, including modernizing its grid infrastructure, the main goals of which are to improve control and protection systems for better synchronization with the European power grid.

Cisco will offer support via Webex and is also working on a water heater load balancing project to help manage power system load during peak consumption hours. ®
