Menu Close

News

UC1: Addressing and Mitigating Cyberattacks and Data Leaking in Ukraine

Smart technologies play a vital role in the functioning of Electrical and Power Energy Systems (EPES), transforming them into a new, decentralized model with numerous advantages such as distributed generation, comprehensive control, remote monitoring, and self-healing. These changes result in significant improvements in the reliability of power distribution and the overall efficiency of the power system. However, this also increases the number of cybersecurity breaches in EPES, necessitating protection against various threats.

To address this situation, new and holistic solutions are needed that utilize advanced technologies to detect and mitigate threats, capable of continuously assessing the dynamic EPES environment and ensuring compliance with the latest cybersecurity standards. One of the priority issues is the implementation of an effective training system for EPES personnel, who must respond appropriately to cybersecurity breaches.

Considering this, the ELECTRON platform provides next-generation cybersecurity for EPES, capable of enhancing the capabilities and resilience of energy systems to cyberattacks and data privacy breaches through four main principles (risk assessment, certification, anomaly detection and prevention, fault mitigation, energy restoration, and addressing internal issues through training and certification of personnel based on AR-VR – augmented/virtual reality).

At present, the ELECTRON platform is undergoing testing and trials in four real-world use cases. The Ukrainian DSO JSC “Prykarpattyaoblenergo” serves as the first use case as a potential user of the system. The special status and importance of such a testing ground are due to increased frequency of cyber-attacks on critical infrastructure due to the war in Ukraine. The advanced, innovative solutions offered by ELECTRON components are particularly interesting and necessary for Ukrainian electric power companies.

In particular, the PRINCE component ensures quality training for EPES personnel, followed by certification. Selected company personnel undergo training and testing on the PRINCE portal to timely detect, prevent, and mitigate the consequences of phishing attacks.

Implementing such advanced cybersecurity technologies is crucial for the company, as phishing is currently considered the most likely entry point for cybercriminals into the company’s network. JSC “Prykarpattyaoblenergo” has already faced the consequences of phishing in 2016, during the most massive cyber-attack on Ukraine’s power grids.

From the perspective of a potential user, the ELECTRON software suite is a technical solution that can fully ensure cybersecurity for DSO-type companies. It encompasses not only raising awareness among EPES personnel, certification, detailed monitoring of cyber threats in the energy sector, but also the most advanced protection against malware and DDoS attacks.

To perform specific test scenarios, experts at JSC “Prykarpattyaoblenergo” have created a test bench in their own laboratory that closely replicates the control chain of a high-voltage substation, taking into account the real specifics of the company’s IT and OT networks. The test bench includes an EPES operator station with a functioning SCADA system that controls RTU devices via communication channels, which are used in real substations. The RTU, in turn, controls switches at the substation and collects data from smart meters. This architecture enables ethical hacking of SCADA commands, Modbus and IEC 60870-5-104 protocol communications.

At the appropriate moment, detectors from the ELECTRON system, such as Malware Squid and FL-IDPS, detect malicious code or security breaches and transmit information for analysis, development, and implementation of response measures to higher-level components (ARMY, DARCY, NIRO, ELECTRON SIEM, etc.). Overall, the system’s response speed to cyber incidents is significantly higher than that of the software currently used by the company at this stage.

It’s also worth noting the balanced nature of the ELECTRON solution and its well-optimized integration of components.

Figure 1. Testbed of JSC "Prykarpattyaoblenergo" for Use Case 1: Substation Automation in the Test Stand, General view of Iltsi 110kV Substation,
Figure 2.Testbed of JSC "Prykarpattyaoblenergo" for Use Case 1:Control scheme used in the testbed

Another key aspect is the application of advanced, highly reliable encryption methods, which are potentially very attractive for encrypting communication channels with remote substations and dispatch center branches. Since our company has seven remote branches and, accordingly, seven regional dispatch centers, special attention is paid to securing communication channels between remote dispatch centers and the central dispatch service. These communication channels are potentially vulnerable to various types of interference. We believe that implementing ELECTRON’s information encryption methods can significantly reduce these risks.

In addition, considering that our cybersecurity department is relatively young, we strive for continuous improvement and development. Specifically, we find it beneficial to use large screens in our cybersecurity laboratory to display real-time cyber threat information that the ELECTRON system can provide through Cybersecurity Lighthouse, ELECTRON Threat Explorer, and ELECTRON SharePoint. Such a solution allows our specialists to dynamically respond to potential cyber threats in the EPES cyber space.

Another equally important aspect for JSC “Prykarpattyaoblenergo” is acquiring and disseminating cutting-edge technological expertise. Thanks to the ELECTRON project, the company continually gains innovative experience not only in EPES cybersecurity but also in project management across HORIZON. Unfortunately, such knowledge and skills are still not widely spread among educational and business organizations in Ukraine. As a socially responsible business, we consider it our duty to share and disseminate our acquired knowledge among youth, students, and faculty members of educational institutions in the region. We believe that such proactive dissemination of advanced practices in cybersecurity and project management will positively impact community development in the long term.

Therefore, JSC “Prykarpattyaoblenergo” maintains a constant interaction with the Ivano-Frankivsk National Technical University of Oil and Gas, which serves as the main supplier of personnel for the company. In 2023, the company signed an agreement with the university aimed at enhancing the educational process, particularly providing theoretical and practical knowledge to students specializing in ‘Electric Power Engineering, Electrical Engineering, and Electromechanics.’

As part of this cooperation, on May 20, 2024, a workshop was held for energy students and university professors on the topic ‘Experience of JSC “Prykarpattyaoblenergo” in implementing international scientific projects.’ The workshop was led by Andriy Grabchuk, Head of the Strategic Planning Department. Throughout the workshop, not only were aspects of Ukrainian companies’ cooperation within EU grant programs discussed, but also current issues in EPES cybersecurity and specific solutions and innovations based on the results of the ELECTRON project.

Figure 3. Workshop at Ivano-Frankivsk National Technical University of Oil and Gas