The 2024 attacks on Ukraine’s power grid and other critical infrastructure have brought cyber warfare to the forefront, shining a light on what many perceive as a new era of conflict. However, covert attacks on critical infrastructure have been ongoing for decades. Cyber warfare can be as devastating as, if not more so than, traditional kinetic warfare. Cyber warfare is the use of digital attacks by nation-states or international organizations to disrupt critical infrastructure, steal sensitive data, or spread disinformation, with the ultimate goals of undermining national security, creating economic damage, and achieving political or military advantages (Taddeo & Floridi, 2018). This essay delves into the complex nature of cyber warfare, with the Ukraine power grid attack as its primary focus. We will examine the technical aspects and strategies used in major critical infrastructure cyberattacks, explore international responses, and consider the future implications of this growing digital battleground. Let us begin by establishing a foundational understanding of the background and context surrounding the attacks on Ukraine’s power grid and critical infrastructure.
Background and Context
To understand the context, we must first review the history of attacks on the Ukrainian power grid. The background is covered through an analysis of the cyber attack on the Ukrainian power grid, the defensive lessons learned, and the resulting recommendations.
Analysis of the Cyber Attack on the Ukrainian Power Grid
This analysis reviews the dates, times, impact, and response of emergency personnel. The cyber attack on the power grid caused a widespread outage lasting three hours and impacted different parts of the grid and hundreds of thousands of people. The key points of the attack are summarized below.
- December 23, 2015: Kyiv Oblenergo (a regional electricity distribution company) experienced service outages due to unauthorized access to its computer and SCADA systems.
- At 3:35 PM local time, seven 110 kV and 23 35 kV substations were disconnected for three hours.
- Attack impacted additional parts of the distribution grid, forcing manual operations.
- Approximately 225,000 customers lost power across various areas.
- Ukrainian government officials attributed the outages to a cyber attack, allegedly by Russian security services.
- Investigators, private companies, and the U.S. government offered assistance.
The analysis above captures the key points of the attack; with the help of Ukraine’s allies and the private sector, the incident became a benchmark for lessons learned. Let’s discuss those lessons learned in the section below.
Defensive Lessons Learned
Despite the sheer chaos of the Ukraine power grid attack, valuable insights were gathered from the incident to help prevent similar attacks in the future. Below we review the key measures gathered and benchmarked to illustrate the new posture of critical infrastructure protection.
- Implemented robust network segmentation and access controls
- Integrated secure remote access solutions
- Employed application whitelisting
- Enhanced security awareness training
- Implemented monitoring and logging for ICS network activity
- Developed incident response plans
- Conducted regular vulnerability assessments and penetration testing
In the nearly a decade since, the Ukrainian government and its partners have diligently collaborated to bolster their cybersecurity defensive capabilities. Let’s move on to the recommendations provided to Ukraine for the future of cyber warfare.
Recommendations
The recommendations below come from various sources such as NATO, the US cybersecurity community, and private sector industry professionals. A select few are referenced below:
- Prioritize security of critical infrastructure
- Share information and collaborate
- Invest in cybersecurity research and development
- Develop international norms and cooperation
These activities build on the topics covered above and represent a stronger capability to defend against cyber attacks on Ukraine’s critical infrastructure. Let’s wrap up and summarize the key points of the background and context covered so far.
The key aspects of the cyber attack on the power grid of Ukraine from a background point of view are the analysis of the incident, the defensive lessons learned, and the recommendations from allied partners. Now that we’ve established the background and context, let’s move on to the major attacks.
Major Attacks
There were several major attacks on the Ukrainian power grid during 2022 and 2023, which are covered below. The Russian hacker group called Sandworm used the Industroyer and Infamous Chisel malware campaigns to cause additional blackouts of the Ukrainian power grid. A short summary of these malware campaigns follows.
Sandworm Hackers Target Ukraine Power Grid:
The severity of power grid attacks, especially as it pertains to Ukraine, is due to the climate of the region. Details on Ukraine’s climate provided by the Atlantic Council suggest “While the sun is now shining in Ukraine, within five months the country will enter a half-year period of freezing temperatures and long, dark nights with much of its energy generation capacity wrecked and demand for electricity likely to double. This is a recipe for potential humanitarian catastrophe that requires urgent international attention (Dickinson, 2024).” Let’s delve into the first major attack from the Russian group called Sandworm. On April 12, 2022, Russia’s Sandworm hackers attempted a third blackout in Ukraine. The attack was the first in five years to use Sandworm’s Industroyer malware, which is designed to automatically trigger power disruptions (Masters, 2024). Let’s move on to the second attack from the same group. On September 7, 2023, a Russian cyber crew was believed to be orchestrating a new malware campaign, dubbed Infamous Chisel, directed at the Ukrainian military, according to a joint report by the Five Eyes intelligence alliance (Masters, 2024). The campaign, which was publicly uncovered by Ukraine’s security agency earlier this month, is believed to be the work of Sandworm, the advanced persistent threat operatives linked to the GRU, Russia’s military intelligence service. Sandworm is reportedly behind earlier attacks on Ukraine’s power grid in 2017 and the NotPetya malware operation (Masters, 2024). Now that we’ve reviewed the major attacks on the Ukrainian power grid, let’s proceed to the technical and strategic aspects.
Technical and Strategic Aspects
The technical and strategic aspects of the attacks on the Ukrainian power grid are detailed in stages below. To properly gauge them, we will cover information sharing and reporting on incidents; attacker tactics, techniques, and procedures; and opportunities for the attackers. Let’s begin by reviewing the summary of information and reporting.
Summary of Information and Reporting
In this section we review the initial reporting of the 2015 incident, partner inputs, and the official reports detailing the subject matter.
- Initial report by TSN, a Ukrainian news outlet, on December 24, 2015
- Followed up by multiple reporting agencies and bloggers
- US Department of Homeland Security (DHS) issued a formal report on February 25, 2016 (IR-ALERT-H-16-056-01)
- DHS report confirmed coordinated cyberattacks on three Ukrainian Oblenergos within 30 minutes of each other
- Attacks impacted 225,000 customers and required manual operations
- Service restored after several hours, but Oblenergos continued to operate in constrained mode
- Attacks directed at the regional distribution level
Next we will review the ICS Cyber Kill Chain Mapping and Stages.
ICS Cyber Kill Chain Mapping and Stages
In this section we will review the various stages of the incident and impact surface.
- Attack followed the ICS Cyber Kill Chain completely through Stage 1 (Reconnaissance, Weaponization/Targeting, Delivery, Exploitation, Installation, Command and Control) and Stage 2 (Actions on Objectives)
- Gained access to each level of the ICS
- Reconnaissance: no reconnaissance was observed or reported, but the coordinated nature of the attack suggests it took place
- Weaponization/Targeting: Microsoft Office documents weaponized with BlackEnergy 3
Next we will review the attacker tactics, techniques, and procedures.
Attacker Tactics, Techniques, and Procedures
The Russian state-sponsored threat actors used expertise and sophisticated tactics, which are outlined below.
- Highly structured and resourced actor, adaptable to defenses and environment
- Capabilities:
  - Spear phishing emails
  - BlackEnergy 3 malware
  - Manipulation of Microsoft Office documents
  - Credential harvesting
  - Access to the ICS network via VPNs
  - Expertise in network-connected infrastructure (UPSs) and ICS operation (HMI)
  - Custom malicious firmware for field devices
  - Telephone denial-of-service attack on call centers
That concludes the attacker tactics, techniques, and procedures; next we review the opportunities for the attackers in detail.
Opportunities for the Attackers
The opportunities for the attackers were substantial because of the amount of covert time they had to perform reconnaissance. The key opportunities are outlined below:
- Open-source information about infrastructure
- Lack of two-factor authentication on VPNs
- Firewall allowing remote admin access
- Lack of active defense measures for ICS network monitoring
- Consistent attack approach on three targets
- Consistent tactics to impact field devices
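Two of the gaps listed above, VPN access without a second factor and the absence of ICS network monitoring, and the DHS finding that three Oblenergos were hit within 30 minutes of each other, can be turned into simple detection checks. The script below is an added example, not code from the essay or from any incident report; its log records, field names, site names and timestamps are constructed for illustration.

```python
"""Audit constructed VPN and SCADA command records for two signals a
defender would want from this incident: remote sessions that authenticated
with a password alone, and breaker-open commands reaching several
distribution sites within one 30-minute window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed VPN authentication records (not real logs).
VPN_EVENTS = [
    {"ts": "2015-12-23T15:02:00", "user": "ops1", "factors": ["password"], "session": "s1"},
    {"ts": "2015-12-23T15:05:00", "user": "ops2", "factors": ["password", "totp"], "session": "s2"},
    {"ts": "2015-12-23T15:09:00", "user": "ops3", "factors": ["password"], "session": "s3"},
]

# Constructed SCADA/HMI command records; "session" ties a command to the
# remote session that issued it, "local" marks a console operator.
SCADA_EVENTS = [
    {"ts": "2015-12-23T15:31:00", "site": "oblenergo-A", "cmd": "breaker_open", "session": "s1"},
    {"ts": "2015-12-23T15:35:00", "site": "oblenergo-B", "cmd": "breaker_open", "session": "s3"},
    {"ts": "2015-12-23T15:40:00", "site": "oblenergo-A", "cmd": "breaker_open", "session": "s1"},
    {"ts": "2015-12-23T15:52:00", "site": "oblenergo-C", "cmd": "breaker_open", "session": "s3"},
    {"ts": "2015-12-23T17:10:00", "site": "oblenergo-A", "cmd": "breaker_close", "session": "local"},
]


def parse(ts):
    return datetime.fromisoformat(ts)


def vpn_sessions_without_mfa(events):
    """Session ids that authenticated with a single factor only."""
    return sorted(e["session"] for e in events if len(set(e["factors"])) < 2)


def coordinated_breaker_opens(events, window=timedelta(minutes=30), min_sites=3):
    """First window in which breaker_open commands reached at least
    `min_sites` distinct sites: returns (start, end, sites) or None."""
    opens = sorted((parse(e["ts"]), e["site"]) for e in events if e["cmd"] == "breaker_open")
    for i, (start, _) in enumerate(opens):
        in_window = [(ts, site) for ts, site in opens[i:] if ts - start <= window]
        sites = {site for _, site in in_window}
        if len(sites) >= min_sites:
            return start, max(ts for ts, _ in in_window), sorted(sites)
    return None


def remote_opens_by_user(scada_events, vpn_events):
    """Count breaker_open commands issued through each VPN user's session."""
    user_of = {e["session"]: e["user"] for e in vpn_events}
    hits = defaultdict(int)
    for e in scada_events:
        if e["cmd"] == "breaker_open" and e["session"] in user_of:
            hits[user_of[e["session"]]] += 1
    return dict(hits)


def audit():
    return {
        "vpn_no_mfa": vpn_sessions_without_mfa(VPN_EVENTS),
        "coordinated": coordinated_breaker_opens(SCADA_EVENTS),
        "remote_opens_by_user": remote_opens_by_user(SCADA_EVENTS, VPN_EVENTS),
    }


if __name__ == "__main__":
    for name, finding in audit().items():
        print(name, finding)
```

On the constructed data the audit flags sessions s1 and s3 as password-only, and a 15:31 to 15:52 window in which all three sites received breaker-open commands, both of them from those single-factor sessions.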
Now that we’ve captured the opportunities for the attackers, that wraps up the technical and strategic aspects. Let’s move on to the international response to the Ukrainian power grid attacks.
International Response
The attacks on the Ukrainian power grid demonstrated to the world just how damaging cyber attacks can be. To capture the breadth of the international response to the conflict between Ukraine and Russia, we will touch on shifting alliances, the redrawing of security lines, and the re-emergence of Ukraine’s renewable energy sector. Let’s delve into this complex body of information, starting with the shifting alliances.
Realignment and shifting alliances
The conflict between Ukraine and Russia took the world by surprise. Most neighboring countries and political leaders never thought that a kinetic war would take place. The realization of a major war breaking out in Europe after almost eight years of a simmering conflict created a political constellation of three different groups of nations: those who sided with Putin’s Russia, those who pledged support to Ukraine, and a group of non-aligned nations resisting involvement and/or hedging their bets (Coles, 2023). This conflict quickly spread through Europe, the Middle East and Asia into a divided pie of those who supported Russia against those who supported Ukraine. A week after the invasion, the UN General Assembly resolution condemning Russia’s aggression was passed by an overwhelming majority. However, there were 35 abstentions, among them three Commonwealth states – South Africa, Pakistan, and India. In Asia, only a handful of governments stood strongly with Ukraine – Singapore, South Korea, and Japan. The region’s largest rising powers – China, India, and Indonesia – have all refused to take a side (Coles, 2023). Now that we’ve covered the realignment and shifting alliances, let’s review the redrawing of the lines from a security perspective.
Security and redrawing the lines
With the realignment of shifting alliances, redrawing the lines became a central focus once the neighboring countries engaged with the conflict. ‘For many of Russia’s neighbors, the Russian invasion of Ukraine confirmed that they had been correct in their analysis of the threat posed by Moscow’s regional ambitions,’ says Alice Billon-Galland, research fellow in the Europe programme (Coles, 2023). Neighboring countries failed to respond immediately because they were unable to adapt to the new geopolitical landscape. Admittedly, the geopolitical landscape shifted rapidly from day to day as the conflict unfolded in real time. Before Russia’s invasion, European states such as France and Germany had failed to adapt to new geopolitical realities in the region, and Russia’s actions would lead to a dramatic reappraisal of European security posture (Coles, 2023).
It’s important to recognize the complexity of the shifting conflicts, the ability to adapt to the landscape, and the need to effectively create policy for a defense budget. Indeed, European countries responded with significant increases in their defense budgets, most notably Germany committing to two percent of its GDP in Chancellor Olaf Scholz’s calibrating ‘Zeitenwende’ speech (Coles, 2023). One of the primary benefits of this policy making is that, for the first time, foreign policy included security. The fundamental decision by Germany is something Jamie Shea, associate fellow in the Chatham House International Security programme, says ‘I thought I would never see in my lifetime’, bringing security policy alongside foreign policy for the first time in decades. However, Germany has remained slow to act on key decisions, such as Leopard tanks, often communicating good intent but failing to follow up with real action (Coles, 2023). In the next section we will review how Ukraine and its allies have revolutionized energy security and sustainability.
The Reemergence of the Ukraine Energy Sector
Ukrainian cities have been actively embracing renewable energy and energy-efficient technologies to address energy security and sustainability challenges. In the face of ongoing conflict and infrastructure stress, these efforts are vital in achieving stability throughout the impacted regions. Let’s begin with solar solutions for critical infrastructure sectors such as healthcare and boiler plants.
Solar Panels for Hospitals and Boiler Plants
Hospitals and healthcare facilities across Ukraine have installed solar panels to provide reliable sources of power for critical medical services. This move helps hospitals reduce dependency on the national grid and ensures that essential operations can continue even during power outages (Jowett, 2024). At this point we will move on to the solar panel installations for boiler plants. The installation of solar panels on boiler plants helps these facilities offset their energy needs. Boiler plants are crucial for heating, particularly during the harsh Ukrainian winters (Jowett, 2024). By integrating solar energy, these plants can lower their operational costs and reduce their carbon footprint. The installation of solar panels as a means of emergency power, reducing dependency on the national grid and providing critical services during harsh winters, is one part of a comprehensive system (Jowett, 2024). The next part to be discussed is the photovoltaic plants.
The Photovoltaic Plants
Photovoltaic plants are large-scale facilities that convert sunlight directly into electricity using solar panels. These panels consist of photovoltaic cells, typically made of silicon, that generate an electrical current when exposed to sunlight (Jowett, 2024). PV plants can range in size from small rooftop installations to massive solar farms covering hundreds of acres. They are a key component of renewable energy infrastructure, providing clean, sustainable electricity to homes, businesses, and communities (Jowett, 2024). Some key advantages of PV plants are:
- Renewable resource
- Cost-effective
- Scalability
Sunlight is a virtually inexhaustible energy source, making PV plants a sustainable and long-term solution for electricity generation. The cost of solar panels and other components of PV plants has decreased significantly in recent years, making solar energy increasingly competitive with traditional fossil fuel sources (Jowett, 2024). PV plants can be built in various sizes to meet the energy needs of different communities and applications, from powering individual homes to contributing to the national grid. The shift to solar power and photovoltaic plants in the midst of conflict could not have been achieved without help. In the section below we discuss the major supporters and donors to Ukraine’s emerging renewable energy sector.
An appeal was launched to source off-grid power generation equipment for Ukraine, with companies and individuals able to donate hardware or cash (Hall, 2022). More than a thousand standalone solar generating kits were sent to Ukraine by a German nonprofit group to answer the appeal for off-grid power equipment for the war-torn country (Hall, 2022). In the previous section it was noted that both Germany and France took an abnormally long time to respond to Ukraine’s needs; however, Germany has shined in helping to revolutionize the renewable energy sector. Bonn-based renewable energy non-profit Global 100 GRE and the World Wind Energy Association (WWEA), based in the same German city, have appealed for more off-grid generating equipment to be donated to Ukraine, including solar panels, batteries and power banks (Hall, 2022). Now that we’ve captured the international response to the Ukrainian power grid attacks, let’s move on to the future implications.
Future Implications
The future implications of cyber attacks on power grids can be wide and deep. Ukraine has seriously enhanced its energy security and sustainability. Ukrainian cities have been actively embracing renewable energy and energy-efficient technologies to address energy and sustainability challenges, especially in the face of ongoing conflict and infrastructure stress. Below we walk through a few implications considered for the future progress of Ukraine:
- Cyber operations will play a supporting rather than decisive role in major theater wars. Great powers will continue to invest in cyber capabilities but see diminishing returns on these investments outside of intelligence and deception efforts once major conflict breaks out (Mueller et al., 2024).
- War will still be a continuation of politics by other means and rely on the more tangible effects of violence than on the elusive effects of compromising information networks. During the transition to warfighting, military commanders will prefer the certainty of lethal precision strikes against high-value targets to the uncertainty of generating effects in cyberspace (Mueller et al., 2024).
- The merits of cyber operations continue to be their utility as a tool of political warfare because they facilitate an engagement short of war that leverages covert action, propaganda, and surveillance but in a manner that poses a fundamental threat to human liberties. Cyber operations will remain a limited tool of coercion. Due to their uncertain effects, military leaders will initiate fewer critical cyber operations against command and control and military targets than currently anticipated. They will also face fewer restrictions on waging information warfare to mobilize and shape discontent (Mueller et al., 2024).
Now that we’ve discussed the future implications, let’s conclude and review the key points covered so far.
Conclusion
In this writing the attacks on the Ukrainian power grid were explored in detail. The key points were background, major attacks, techniques, global response and future implications. Ukraine has endured many continuous attacks and has shown resolve through the aid of its allies. The future looks bright with the implementation of solar panels and photovoltaic plants as an off-grid means to protect energy supply as well as sustainability for the sector as a whole. This concludes the review of the Ukraine power grid attacks and the stark resilience of the Ukrainian people. The future shines with renewable energy and the collective allied security to defend it.
References
Mueller, G. B., Jensen, B., Valeriano, B., Maness, R. C., & Macias, J. M. (2024). Cyber Operations during the Russo-Ukrainian War. https://www.csis.org/analysis/cyber-operations-during-russo-ukrainian-war
Coles, S. (2023, June 1). Seven ways Russia’s war on Ukraine has changed the world. Chatham House – International Affairs Think Tank. https://www.chathamhouse.org/2023/02/seven-ways-russias-war-ukraine-has-changed-world
Jensen, B., & Hoffman, E. (2024). Victory in Ukraine Starts with Addressing Five Strategic Problems. https://www.csis.org/analysis/victory-ukraine-starts-addressing-five-strategic-problems
SANS Institute. (2024, August 16). Ukraine-Russia Conflict – Cyber Resource Center | SANS Institute. https://www.sans.org/blog/ukraine-russia-conflict-cyber-resource-center/
Masters, J. (2024, January 26). Russia-Ukraine War: Cyberattack and Kinetic warfare timeline. MSSP Alert. https://www.msspalert.com/news/ukraine-russia-cyberattack-timeline-updates-amid-russia-invasion
OCR of the document. (n.d.). National Security Archive. https://nsarchive.gwu.edu/media/15331/ocr
Taddeo, M., & Floridi, L. (2018). Regulate artificial intelligence to avert cyber arms race. Nature, 556(7701), 296–298. https://doi.org/10.1038/d41586-018-04602-6
Jowett, P. (2024, August 2). Solar-plus-storage systems inaugurated at two Ukrainian hospitals. Pv Magazine International. https://www.pv-magazine.com/2024/08/02/solar-plus-storage-systems-inaugurated-at-two-ukrainian-hospitals/
Willuhn, M. (2023, March 13). Europe’s solar industry launches donation program to repower Ukraine. Pv Magazine International. https://www.pv-magazine.com/2023/03/13/europes-solar-industry-launches-donation-program-to-repower-ukraine/
Hall, M. (2022, August 31). Can your company donate solar kit to Ukraine? Pv Magazine International. https://www.pv-magazine.com/2022/08/31/can-your-company-donate-solar-kit-to-ukraine/
Jowett, P. (2024, April 8). Feasibility study assesses PV plants for Ukrainian hospitals, water facilities. Pv Magazine International. https://www.pv-magazine.com/2024/04/08/feasibility-study-assesses-pv-plants-for-ukrainian-hospitals-water-facilities/
Pre-feasibility studies for the implementation of the solar power plant model through the ESCO modality. (n.d.). UNDP. https://www.undp.org/ukraine/publications/pre-feasibility-studies-implementation-solar-power-plant-model-through-esco-modality