Abstract
This paper examines the rise of cyber warfare affecting power grid security, focusing on the vulnerabilities exploited in the Ukrainian power grid infrastructure by programs like BlackEnergy and CRASHOVERRIDE. It extends this analysis to similar vulnerabilities that may be in critical command and control systems of the United States' power grids. The Sandworm and Electrum cyber-attacks on Ukraine's grid are dissected, revealing the escalating threat to industrial control systems. Detailed exploits of the Radmin command-and-control software such using the plugin tool Mimikatz with NTLM and Kerberos for static and dynamic analysis, the CVE-2008-3431 DSEFix exploit, and the Win32/SSHBearDoor trojan are analyzed, alongside the unique nature of the Russian TDoS attacks and the use of KillDisk software. In the context of the United States cyber-energy policy, the paper highlights key initiatives like NERC's bi-annual GridEx preparedness exercise, the CRISP public-private information sharing program, the American Public Power Association’s cybersecurity scorecard, and the NIST Cybersecurity framework. Emphasis is placed on the importance of application whitelisting, multi-factor authentication, proactive use of the Yara forensic tool, and SIP server rate limiting as defensive measures. The paper concludes by underscoring the evolving capabilities of foreign adversaries, the ambiguity in interpreting the scope and intent of cyber-attacks, and the necessity of a robust combination of intelligence, governmental, and civilian cyber capabilities to defend power grids against threats from nation-states and cybercriminals.
Recommended Citation
Pollard, Miles
(2024)
"A Case Study of Russian Cyber-Attacks on the Ukrainian Power Grid: Implications and Best Practices for the United States,"
Pepperdine Policy Review: Vol. 16, Article 1.
Available at:
https://digitalcommons.pepperdine.edu/ppr/vol16/iss1/1