Authors:
János Csatár Budapesti Műszaki és Gazdaságtudományi Egyetem, Villamos Energetika Tanszék Budapest Magyarország; Budapest University of Technology and Economics, Department of Electric Power Engineering Budapest Hungary

Péter Görgey Magyar Elektrotechnikai Egyesület Budapest Magyarország; Hungarian Electrotechnical Association Budapest Hungary

Tamás Holczer Budapesti Műszaki és Gazdaságtudományi Egyetem, Hálózati Rendszerek és Szolgáltatások Tanszék Budapest Magyarország; Budapest University of Technology and Economics, Department of Networked Systems and Services Budapest Hungary

Open access

Abstract.

Every developed country depends heavily on the operation of electric power systems, and this dependence is expected to grow over time. Stable operation is influenced by many factors; some of these are random (e.g. weather), but the human factor also has a large effect on reliability. In this article we deal with those special cases of intentional damage in which the attacker adversely affects the basic operation of the electric power system through the computer system that supervises and controls it. To this end, we review how the two systems are intertwined and examine such cases that occurred in Ukraine over the past eight years. We summarize and analyze the events and make recommendations on what can be done to avoid such harmful events, keeping in mind the principle of "prevention, detection, response".

Summary.

All developed countries are highly dependent on the operation of electric power systems, and this dependence will probably increase. Many factors influence stable operation, some of which are random (weather or failures of devices and cables); however, human activities also have a significant impact on reliability. In this paper, we deal with special cases of attacks that achieve a detrimental effect on the electric power system by compromising the controlling and monitoring computer systems. To support the reader, we first analyze the key components of the physical and cyber parts of the system to provide an understanding of how these domains are intertwined: it is a cyber-physical system. We further elaborate on how an event can spread from one domain to the other. Then, a series of actual examples underlines the importance of this topic, focusing on malicious acts committed with the goal of sabotaging the power system. Thereafter, we analyze cyber-attacks committed during the last eight years in Ukraine. Most of these attacked the Ukrainian electric power system, aiming for blackouts and device destruction. Some of the attacks had severe consequences in other European countries as well. However, some attacks were successfully stopped before any harm was done. After analyzing the events, we conclude that threat actors' focus shifted from causing short-term blackouts to device destruction and long-term breakdowns. In the last part of our paper, we enumerate mitigation methods for operators. Our enumeration is based on the PreDeCo principle, namely prevention, detection, and correction. In conclusion, the defender must separate networks that serve different purposes, use strong authentication and authorization, and have proper patch management policies. These techniques must be verified with regular penetration tests. As the Ukrainian examples show, the threat actor can sometimes evade prevention techniques; thus, good detection is necessary.
Detection is based on analyzing the output of intrusion detection systems and detailed logging facilities. The analysis should be done in the security operations center by experts with knowledge of both cyberspace and electric power system operations. In case of an incident, the security operations center must take corrective steps, possibly with the help of external experts. The corrective steps include understanding the incident, recovering from it, preventing similar incidents in the future, and performing digital forensics on the incident.



Scientia et Securitas
Language: Hungarian, English
Size: A4
Year of Foundation: 2020
Volumes per Year: 1
Issues per Year: 4
Founder: Academic Council of Home Affairs and Association of Hungarian PhD and DLA Candidates
Founder's Address: H-2090 Remeteszőlős, Hungary, Nagykovácsi út 3.; H-1055 Budapest, Hungary Falk Miksa utca 1.
Publisher: Akadémiai Kiadó
Publisher's Address: H-1117 Budapest, Hungary 1516 Budapest, PO Box 245.
Responsible Publisher: Chief Executive Officer, Akadémiai Kiadó
Applied Licenses: CC-BY 4.0, CC-BY-NC 4.0
ISSN: 2732-2688 (online), 3057-9759 (print)
   
