A comprehensive walkthrough of the first-ever attack on a public energy grid, and solutions that can be put in place to detect and prevent similar future attacks.
On December 23, 2015, unknown cyber forces disrupted energy-grid operations for the first time ever, causing blackouts for over 225,000 customers in Ukraine. This incident impacted operators in the electricity sector, but the tactics used in this attack could have easily played out against operators in any sector.
Cyber threats are no longer the concern of IT system administrators and network engineers alone; they must be central to running a safe, efficient, and competitive business operation. Cyber attacks are now concerted, orchestrated efforts to exploit vulnerabilities in people, systems, and processes: impactful, long-lasting, and often professional campaigns that turn an organization's own network infrastructure against it in a highly targeted way.
To address this threat, Booz Allen Hamilton has prepared a detailed step-by-step walkthrough of the Ukraine attack, following the attackers' activities across their targets' infrastructure. Using open-source intelligence gathering, malware reverse-engineering, and deep analysis of the attack and related incidents, our report lays out where and how the attackers conducted their operation and provides the recommended mitigations necessary to interrupt cascading security compromises. By understanding how this attack unfolded, operators can understand how their own systems could be at risk.