Title
Cybersecurity Standards and the 2015 Ukraine Power Grid Attack: Mitigating Catastrophic Cyber Disruptions on Electrical Infrastructure
Author
Sam Cohen
Date
2/10/2020
(Original Publish Date: 8/1/2019)
Abstract
The 2015 attack on Ukraine's power grid was the first publicly documented cyber incident to disrupt electrical utility and power distribution control systems. Although the outage was temporary, it cut critical services to roughly 225,000 customers, including businesses, industrial facilities, and government offices. The attack has been recognized as a highly complex and persistent operation that could have escalated into a far larger outage, threatening long-term disruption of essential services at hospitals, government facilities, telecommunication sites, and financial institutions. This paper examines how cybersecurity standards developed or approved by organizations such as the National Institute of Standards and Technology (NIST), the American National Standards Institute (ANSI), the International Organization for Standardization (ISO), the North American Electric Reliability Corporation (NERC), and the International Electrotechnical Commission (IEC) could have mitigated or entirely prevented this attack. Specifically, standards for log collection and analysis (NERC CIP-007-6 and NIST SP 800-92), external network and boundary protection (IEC 62443-3-3, adopted as ANSI/ISA-99.03.03), and incident response (NISTIR 7628 Rev. 1 and ISO/IEC 27002:2013) are mapped against the key cybersecurity gaps that allowed the attackers to compromise and exploit critical assets across Ukraine. The paper then assesses how the controls in these standards could have helped cybersecurity and IT staff defend their control systems and supervisory control and data acquisition (SCADA) networks, reducing the destructive potential of the attack and possibly averting the outage altogether. The standards analyzed here are selected both for their mitigation value during the Ukraine attack and for their applicability to any power grid owner or operator seeking to reduce cyber risk.