Open Source Intelligence for Energy Sector Cyberattacks

Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


In March 2018, the U.S. DHS and the FBI issued a joint critical alert (TA18-074A) on an ongoing campaign by Russian threat actors targeting U.S. government entities and critical infrastructure sectors. The campaign targets critical infrastructure organizations, mainly in the energy sector, and uses Open Source Intelligence (OSINT), among other techniques, to gather information about its targets. To understand the extent and quality of information that OSINT can yield, we follow the threat actors' approach and explore publicly available resources that can generate intelligence pertinent to power systems worldwide. We undertake a case study of a real, large-scale power system, in which we leverage OSINT resources to construct the power system model, validate it, and finally process it to identify its critical locations. Our goal is to demonstrate the feasibility of conducting elaborate studies using only public resources, and to help power system stakeholders assess the risks of releasing critical information to the public.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. New York University Tandon School of Engineering, Brooklyn, USA
  2. Center for Advanced Power Systems, Florida State University, Tallahassee, USA
  3. New York University Abu Dhabi, Saadiyat Island, Abu Dhabi, United Arab Emirates
