Rob Lee, Mike Assante and Tim Conway released their analysis of the cyber attack on a Ukrainian power distribution system. It’s good work as expected from that crew, but they state “This report does not focus on attribution of the attack.” Their focus is on lessons to be learned on how to defend ICS and prevent, detect and recover from this type of attack.
There is another lesson to be learned, or emphasized, for power utilities from this attack … damaging the company running the power utility or other critical infrastructure may not be the end goal of an attacker. A utility can be caught in the crossfire where taking out power is a means to achieving a goal that does not directly involve the utility.