The European Network of Transmission System Operators for Electricity (ENTSO-E) has become the latest power sector organisation to have fallen victim of a cyberattack.

ENTSO-E – which represents 42 European transmission system operators in 35 countries – said on 9 March 2020 it had recently “found evidence of a successful cyber intrusion into its office network”, and was introducing contingency plans to avoid further attacks.

According to French think-tank Institut Français des relations internationals (IFRI), the power sector has become a prime target for cyber-criminals in the last decade, with cyberattacks surging by 380% between 2014 and 2015. Motives include geopolitics, sabotage and financial reasons.

The US Department of Energy (DoE) reported 150 successful attacks between 2010 and 2014 that targeted systems holding information regarding electricity grids.

Power Technology investigates the five biggest cyberattacks to the power sector in the last five years.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

June 2019

In June 2019, the New York Times reported that the US launched cyberattacks into the Russian power grid.

According to the newspaper, US military hackers used American computer code to target the grid as a response to the Kremlin’s disinformation campaign, hacking attempts during the 2018 midterm elections and suspicions of Russia hacking the energy sector.

The story was condemned by President Trump, who said it was fake news, and experts, while the Kremlin said it was a possibility.

According to the 2018 National Defence Authorisation Act, government hackers are permitted to carry out “clandestine military activities” to protect the country and its interests.

August 2017

Saudi Aramco became the target of cyberattacks in 2017 when hackers targeted the safety system in one of the company’s petrochemical plants. Experts believe that, despite the plant shutting down, an incident could have taken place.

According to a report by the Independent, a plant official said that the attack aimed to not only to shut down the plant or wipe out data but also sent a political message.

Experts traced the attack to a Russian Government-owned laboratory.

December 2016

The 2016 cyberattack on Ukraine was the second in less than a year. Hackers left customers in parts of Kyiv without electricity for an hour, after disabling an electricity substation.

The BBC said that the loss of electricity amounted to a fifth of Kyiv’s power consumption for that night. The attack was attributed to Russian hackers, with some experts suggesting that the attack aimed to physically damage the power grid.

December 2015

Hackers got into the system of a western Ukrainian power company, cutting power to 225,000 households. A US report into the blackout concluded that a virus was delivered via email through spear-phishing – a technique that sends key employees detailed messages, using information gathered from social media.

The report did not name any perpetrators but experts suggested it was linked to a group of Russian hackers.

December 2014

South Korean nuclear and hydroelectric company Korea Hydro and Nuclear Power (KHNP) was hacked at the end of 2014. Hackers stole and posted online the plans and manuals for two nuclear reactors, as well as the data of 10,000 employees.

The US pinned the attack on North Korea but South Korean authorities traced the IP addresses to Shenyang, a city in north-east China.