
Open Source Intelligence for Energy Sector Cyberattacks

Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

In March 2018, the U.S. DHS and the FBI issued a joint Technical Alert (TA18-074A) on an ongoing campaign by Russian government threat actors targeting U.S. government entities and critical infrastructure sectors. The campaign targets critical infrastructure organizations, mainly in the energy sector, and uses, among other techniques, Open Source Intelligence (OSINT)¹ to gather information about its targets. In an effort to understand the extent and quality of information that can be collected with OSINT, we shadow the threat actors and explore publicly available resources that can generate intelligence pertinent to power systems worldwide. We undertake a case study of a real, large-scale power system, in which we leverage OSINT resources to construct the power system model, validate it, and finally process it to identify its critical locations. Our goal is to demonstrate the feasibility of conducting elaborate studies using only public resources, and to inform power system stakeholders assessing the risks of releasing critical information to the public.
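The last step the abstract describes, processing a model built from public data to find its critical locations, is in practice a contingency screen: remove one or more branches, recompute the steady-state flows, and see what islands or overloads. The block below is an added example, not code from the chapter or its authors. It implements the textbook DC power flow and an N-k branch-outage screen of the kind the cited MATPOWER and N-2 screening papers treat in far more depth, on a constructed 4-bus network; every injection, reactance and thermal rating in it is an assumed value chosen so the results can be checked by hand.

```python
"""
N-1 / N-2 contingency screening with a DC power flow, in pure Python.

Added example for this page, not code from the chapter. The 4-bus network
below is CONSTRUCTED: bus injections, reactances and thermal ratings are
assumed values chosen so the results can be checked by hand.
"""
from itertools import combinations

# bus -> net injection in MW (generation minus load); the sum must be zero.
BUSES = {1: 100.0, 2: -40.0, 3: -30.0, 4: -30.0}
SLACK = 1  # angle reference bus; carries the generation

# (from_bus, to_bus): (reactance in p.u., thermal rating in MW); assumed values.
BRANCHES = {
    (1, 2): (0.1, 80.0),
    (1, 3): (0.1, 80.0),
    (2, 3): (0.1, 50.0),
    (3, 4): (0.1, 40.0),  # radial spur: bus 4 depends entirely on this line
}


def unreachable_buses(buses, branches, start):
    """Buses with no path to `start` over the given branches (islanded buses)."""
    adj = {b: set() for b in buses}
    for i, j in branches:
        adj[i].add(j)
        adj[j].add(i)
    seen, stack = {start}, [start]
    while stack:
        for n in adj[stack.pop()]:
            if n not in seen:
                seen.add(n)
                stack.append(n)
    return sorted(set(buses) - seen)


def solve_linear(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(m[r][c] * x[c] for c in range(r + 1, n))
        x[r] = (m[r][n] - s) / m[r][r]
    return x


def dc_power_flow(buses, branches, slack):
    """Branch flows in MW (positive from->to) under the DC approximation P = B*theta.
    The network must be connected; check with unreachable_buses() first."""
    order = [b for b in buses if b != slack]
    idx = {b: k for k, b in enumerate(order)}
    n = len(order)
    bmat = [[0.0] * n for _ in range(n)]
    for (i, j), (x, _) in branches.items():
        y = 1.0 / x  # susceptance magnitude; resistance neglected in DC flow
        for a, b in ((i, j), (j, i)):
            if a != slack:
                bmat[idx[a]][idx[a]] += y
                if b != slack:
                    bmat[idx[a]][idx[b]] -= y
    theta = dict(zip(order, solve_linear(bmat, [buses[b] for b in order])))
    theta[slack] = 0.0
    return {(i, j): (theta[i] - theta[j]) / x for (i, j), (x, _) in branches.items()}


def screen(buses, branches, slack, k):
    """Evaluate every N-k branch outage; return one record per outage, worst first."""
    results = []
    for outage in combinations(sorted(branches), k):
        remaining = {br: v for br, v in branches.items() if br not in outage}
        cut = unreachable_buses(buses, remaining, slack)
        if cut:  # islanding: load separated from the slack generator
            lost = sum(-buses[b] for b in cut if buses[b] < 0)
            results.append({"outage": outage, "islanded": cut,
                            "load_lost_MW": lost, "max_loading": float("inf")})
            continue
        flows = dc_power_flow(buses, remaining, slack)
        worst = max(remaining, key=lambda br: abs(flows[br]) / remaining[br][1])
        loading = abs(flows[worst]) / remaining[worst][1]
        results.append({"outage": outage, "islanded": [], "load_lost_MW": 0.0,
                        "max_loading": loading, "worst_branch": worst})
    results.sort(key=lambda r: -r["max_loading"])
    return results


def critical_outages(buses, branches, slack, k):
    """Outages that island load or push a surviving branch above 100 % of its rating."""
    return [r["outage"] for r in screen(buses, branches, slack, k)
            if r["islanded"] or r["max_loading"] > 1.0]


if __name__ == "__main__":
    for k in (1, 2):
        print(f"N-{k} critical outages:", critical_outages(BUSES, BRANCHES, SLACK, k))
```

On this network the N-1 screen flags three of the four branches: losing either line out of the generator bus drives the other to 125 % of its rating, and losing the spur islands 30 MW at bus 4; only the 2-3 tie is non-critical on its own, while every N-2 pair islands something. The point for an OSINT study is that the verdict hinges on the thermal ratings, which are the parameter least likely to be published and the one most in need of validation: halve the 1-3 rating and the base case itself becomes an overload.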

Notes

1. OSINT refers to data and information passively collected and analyzed from publicly available sources. It is not related to open source software.


References

1. Bangladesh power cut plunges millions into darkness
2. Binwalk firmware analysis tool
3. Blackout watch: Brazilian blackout 2009
4. Embedded device hacking
5. European network of TSOs for electricity
6. How an entire nation became Russia's testlab for cyberwar
7. India Northern Regional Load Despatch Centre
8. Industrial Control Systems Cyber Emergency Response Team
9. International energy statistics (2017)
10. Map of PMUs with synchrophasor data flows in North America
11. National Vulnerability Database
12. Network data of real transmission networks (2013)
13. Open energy information
14. Open power system data platform
15. Rebels tied to blackout across most of Pakistan
16. Shodan search engine
17. U.K. Electricity Ten Year Statement 2016
18. Ukraine's power outage was a cyber attack: Ukrenergo
19. Abraham S, Efford JR (2004) Final report on the August 14, 2003 blackout in the United States and Canada. Technical report, U.S.-Canada Power System Outage Task Force
20. Alonso F, Greenwell C (2016) Underground vs. overhead: power line installation-cost comparison and mitigation. Electr Light Power 22
21. Bakshi S (2012) Report of the enquiry committee on grid disturbance in Northern region on 30th July 2012 and in Northern, Eastern & North-Eastern region on 31st July 2012. Technical report, Indian Ministry of Power
22. Bernstein A, Bienstock D, Hay D, Uzunoglu M, Zussman G (2014) Power grid vulnerability to geographically correlated failures: analysis and control implications. In: IEEE INFOCOM 2014, pp 2634–2642
23. Campbell RJ (2012) Weather-related power outages and electric system resiliency. Technical report, Congressional Research Service
24. Davis CM, Overbye TJ (2011) Multiple element contingency screening. IEEE Trans Power Syst 26(3):1294–1301
25. Davis C, Chmieliauskas A, Nikolic I (2015) Enipedia. Energy & Industry group, Faculty of Technology, Policy and Management, TU Delft
26. Durumeric Z, Wustrow E, Halderman JA (2013) ZMap: fast internet-wide scanning and its security applications. In: 22nd USENIX Security Symposium (USENIX Security 13), Washington, DC. USENIX, pp 605–620. ISBN 978-1-931971-03-4
27. Eaton (2017) Blackout tracker: United States annual report 2016
28. Eles: Slovenia's transmission network, annual report 2015
29. Elia: Belgium electrical transmission network, annual report 2016
30. Fachkha C, Bou-Harb E, Keliris A, Memon N, Ahamad M (2017) Internet-scale probing of CPS: inference, characterization and orchestration analysis. In: 24th Network and Distributed System Security Symposium (NDSS'17), San Diego, Feb 2017
31. Gharavi H, Ghafurian R (2011) Smart grid: the electric energy system of the future. Proc IEEE. IEEE, Piscataway
32. Grainger JJ, Stevenson WD (1994) Power system analysis. McGraw-Hill, New York
33. Igure VM, Laughter SA, Williams RD (2006) Security issues in SCADA networks. Comput Secur 25(7):498–506
34. International Society of Automation (2018) ANSI/ISA 62443: security for industrial automation and control systems. ISA
35. Kaplunovich P, Turitsyn K (2016) Fast and reliable screening of N-2 contingencies. IEEE Trans Power Syst 31(6):4243–4252
36. Keliris A, Maniatakos M (2016) Remote field device fingerprinting using device-specific Modbus information. In: 2016 IEEE 59th International Midwest Symposium on Circuits and Systems (MWSCAS), pp 1–4
37. Keliris A, Maniatakos M (2017) Demystifying advanced persistent threats for industrial control systems. ASME Mech Eng 139(03):S13–S17
38. Knake R (2017) A cyberattack on the U.S. power grid. Contingency planning memorandum no. 31, Council on Foreign Relations
39. Konstantinou C, Maniatakos M (2015) Impact of firmware modification attacks on power systems field devices. In: IEEE International Conference on Smart Grid Communications (SmartGridComm), pp 283–288
40. Konstantinou C, Maniatakos M (2017) Security analysis of smart grid. In: Communication, control and security challenges for the smart grid, p 451
41. Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Priv 9(3):49–51
42. Lee RM, Assante MJ, Conway T (2016) Analysis of the cyber attack on the Ukrainian power grid. Technical report, SANS Industrial Control Systems
43. Momoh J, Mili L (2009) Economic market design and planning for electric power systems, vol 52. Wiley, Hoboken
44. Morison K, Wang L, Kundur P (2004) Power system security assessment. IEEE Power Energy Mag 2(5):30–39
45. NERC: Disturbance reports 1992–2009
46. NERC (2009) FAC-011-2: system operating limits methodology for the operations horizon
47. OpenStreetMap: Power networks
48. Orebaugh A, Ramirez G, Beale J (2006) Wireshark & Ethereal network protocol analyzer toolkit. Syngress, Rockland
49. Pajic S (2007) Power system state estimation and contingency constrained optimal power flow: a numerically robust implementation. Worcester Polytechnic Institute
50. Project Group Turkey (2015) Report on blackout in Turkey on 31st March 2015. Technical report, European Network of Transmission System Operators for Electricity (ENTSO-E)
51. ProSoft Technology: Power success stories
52. Reimann J, Rose J (2015) Eclipse SCADA: the definite guide
53. Roland Berger (2014) Study regarding grid infrastructure development: European strategy for raising public acceptance. Technical report, European Commission tender no. ENER/B1/2013/371
54. SCADA Innovations: Success stories
55. Siemens: High voltage substation references
56. Stott B, Alsac O, Alvarado F (1985) Analytical and computational improvements in performance-index ranking algorithms for networks. Int J Electr Power Energy Syst 7(3):154–160
57. Stouffer K, Falco J, Scarfone K (2011) Guide to industrial control systems (ICS) security. NIST Special Publication 800-82, National Institute of Standards and Technology
58. Symantec: Dragonfly: Western energy sector targeted by sophisticated attack group
59. Technavio: Global smart grid transmission and distribution equipment market 2016–2020
60. Turitsyn KS, Kaplunovich PA (2013) Fast algorithm for N-2 contingency problem. In: 46th Hawaii International Conference on System Sciences (HICSS), pp 2161–2166
61. U.S. DHS and FBI: US-CERT alert, advanced persistent threat activity targeting energy and other critical infrastructure sectors
62. Zachariadis T, Poullikkas A (2012) The costs of power outages: a case study from Cyprus. Energy Policy 51:630–641
63. Zimmerman RD, Murillo-Sánchez CE, Thomas RJ (2011) MATPOWER: steady-state operations, planning, and analysis tools for power systems research and education. IEEE Trans Power Syst 26(1):12–19

Author information

Corresponding author: Anastasis Keliris


Copyright information

© 2019 Springer Nature Switzerland AG

Cite this chapter

Keliris, A., Konstantinou, C., Sazos, M., Maniatakos, M. (2019). Open Source Intelligence for Energy Sector Cyberattacks. In: Gritzalis, D., Theocharidou, M., Stergiopoulos, G. (eds) Critical Infrastructure Security and Resilience. Advanced Sciences and Technologies for Security Applications. Springer, Cham.

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00023-3

  • Online ISBN: 978-3-030-00024-0