In December 2015, it was detected an advanced persistent threat (APT) in the automated power grid control system. The internal networks of the Ukrainian energy company Prykarpattyaoblenergo PJSC were attacked .
Because of this cyber-attack, a significant part of the region and the regional center remained without power for several hours. 30 substations were shut down. About 230,000 people remained without power supply from one to six hours. BlackEnergy malware was used during the attack. The BlackEnergy group attacked the Ukrainian power grid using the BlackEnergy and KillDisk malware families. This was the last known use of the BlackEnergy malware in the real world. After the attack, it turned out that the BlackEnergy group consists of at least two subgroups – TleBots and GrayEnergy.
In particular, in December 2016, the GreyEnergy team developed a worm similar to NotPetya, and later an even more advanced version of this malware was used by the TeleBots group during the attack in June 2017. GreyEnergy has broader goals than the TeleBots group. GreyEnergy is primarily interested in industrial networks of various entities responsible for critical infrastructure, and, unlike TeleBots, the GreyEnergy group is not limited to Ukraine .
Based on the foregoing, it is obvious that one of the primary problems of ensuring cybersecurity of critical energy facilities and energy systems in general is the development of both new methods and tools and the development of probable scenarios of cyber-attacks. Determination of the order of threat analysis and risk assessment, including the criticality of information technology of the target functions of the energy sector and the cost of protecting resources and IT systems. Determination of the testing procedure and the composition of tests to determine the weaknesses (vulnerabilities) of the analyzed systems, up to the organization of artificial cyber-attacks to determine the reliability and identify weaknesses in existing protection systems, and the composition of recommended measures to improve the reliability of the systems, a list of possible cyber-attacks and actions necessary to their reflection, the regulations of measures to eliminate the consequences of cyber intrusions. On Digital Security in Ukraine, the aim focuses on increasing the security of current applications, services and infrastructures by integrating state-of-the-art security solutions or processes, supporting the creation of lead markets & market incentives in Europe, following an end-user driven approach, including for instance law enforcement agencies, first responders, operators of critical infrastructures, ICT service providers, ICT manufacturers, market operators and citizens. The abilities of participation in ELECTRON Project allows to provide the implementation of next-generation power systems capable of resisting energy systems against cyberattacks, increasing data confidentiality through four main initiatives: risk assessment and evaluation, detection and prevention of anomalies, mitigation of failures and acceleration of systems recovery, elimination of internal threats and through staff training and certification.
ELECTRON Project is developing exactly for this scope, to cyber-fortify the European EPES infrastructure by enabling and coordinating advanced, adaptive, and cooperative detection of large scale, cyber-human security and privacy incidents and attacks.
 The concept of development of the sector of security and defense of Ukraine, put into effect by the Decree of the President of Ukraine dated March 14, 2016 No. 92/2016.
 Cybersecurity Strategy of Ukraine, approved by Decree of the President of Ukraine dated March 15, 2016 No. 96 (Officer Vision of Ukraine, 2016), Ed. 23.
 Middleton, A History of Cyber Security Attacks.
 Bruce Middleton, A History of Cyber Security Attacks: 1980 to Present (New York: Auerbach Publications, 2017).
“GreyEnergy: A Successor to BlackEnergy,” White Paper (GreyEnergy, October 2018), Available at: www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf(link is external)