The European Network of Transmission System Operators for Electricity (ENTSO-E) has become the latest power sector organisation to have fallen victim of a cyberattack.
ENTSO-E – which represents 42 European transmission system operators in 35 countries – said on 9 March 2020 it had recently “found evidence of a successful cyber intrusion into its office network”, and was introducing contingency plans to avoid further attacks.
According to French think-tank Institut Français des relations internationals (IFRI), the power sector has become a prime target for cyber-criminals in the last decade, with cyberattacks surging by 380% between 2014 and 2015. Motives include geopolitics, sabotage and financial reasons.
The US Department of Energy (DoE) reported 150 successful attacks between 2010 and 2014 that targeted systems holding information regarding electricity grids.
Power Technology investigates the five biggest cyberattacks to the power sector in the last five years.
In June 2019, the New York Times reported that the US launched cyberattacks into the Russian power grid.
According to the newspaper, US military hackers used American computer code to target the grid as a response to the Kremlin’s disinformation campaign, hacking attempts during the 2018 midterm elections and suspicions of Russia hacking the energy sector.
The story was condemned by President Trump, who said it was fake news, and experts, while the Kremlin said it was a possibility.
According to the 2018 National Defence Authorisation Act, government hackers are permitted to carry out “clandestine military activities” to protect the country and its interests.
Saudi Aramco became the target of cyberattacks in 2017 when hackers targeted the safety system in one of the company’s petrochemical plants. Experts believe that, despite the plant shutting down, an incident could have taken place.
According to a report by the Independent, a plant official said that the attack aimed to not only to shut down the plant or wipe out data but also sent a political message.
Experts traced the attack to a Russian Government-owned laboratory.
The 2016 cyberattack on Ukraine was the second in less than a year. Hackers left customers in parts of Kyiv without electricity for an hour, after disabling an electricity substation.
The BBC said that the loss of electricity amounted to a fifth of Kyiv’s power consumption for that night. The attack was attributed to Russian hackers, with some experts suggesting that the attack aimed to physically damage the power grid.
Hackers got into the system of a western Ukrainian power company, cutting power to 225,000 households. A US report into the blackout concluded that a virus was delivered via email through spear-phishing – a technique that sends key employees detailed messages, using information gathered from social media.
The report did not name any perpetrators but experts suggested it was linked to a group of Russian hackers.
South Korean nuclear and hydroelectric company Korea Hydro and Nuclear Power (KHNP) was hacked at the end of 2014. Hackers stole and posted online the plans and manuals for two nuclear reactors, as well as the data of 10,000 employees.
The US pinned the attack on North Korea but South Korean authorities traced the IP addresses to Shenyang, a city in north-east China.