Reinforcing Energy Security in Ukraine: Highlights from the eFORT Project

Joint Stock Company “Prykarpattyaoblenergo” is a distribution system operator located in the Ivano-Frankivsk region of western Ukraine. The company’s specialists are responsible for maintaining power grids that consist of over 26,000 km of overhead and underground power lines, along with more than 6,000 transformer substations. The licensed operational area of the enterprise spans 14,000 square kilometers, through which two billion seven million kilowatt-hours of electricity are transmitted annually.

The primary task of JSC “Prykarpattyaoblenergo” is to ensure reliable and uninterrupted power supply to both the population and businesses within the region. A key factor in maintaining the quality of services is the cybersecurity of its information and operational networks. Since the onset of the ongoing conflict in Ukraine, the company’s cybersecurity department has faced numerous challenges and a significant increase in attacks.

Participation in the eFORT project represents a vital activity aimed at minimizing risks in cyberspace. Within this project, JSC “Prykarpattyaoblenergo” serves as a potential end-user of eFORT solutions and acts as a testing ground to demonstrate the effectiveness of the developed solutions.

The development of innovative solutions in the field of cybersecurity for Electrical Power and Energy Systems (EPES) necessitates a detailed study and understanding of the cyber threat landscape that an electric power company encounters daily. These activities were successfully initiated and carried out in collaboration with CIRCE, iSolutions, and JSC “Prykarpattyaoblenergo” within the framework of the eFORT project. The primary objective was to obtain and thoroughly analyze traffic from the operational networks of the Distribution System Operator (DSO) for cyber threats. The data obtained is extremely valuable and will be used in the eFORT project to guide the goals and directions of further innovative work.

Figure 1 Overall network architecture and points for capturing data

Cybersecurity specialists from JSC “Prykarpattyaoblenergo”, together with representatives from iSolutions, organized and executed traffic capture at various points in the DSO’s information and operational networks as part of the preparation for the Use Case demonstration scenarios. A substantial amount of data was collected for analysis. iSolutions provided valuable consultations and technical support for selecting the optimal network points for traffic capture. The process was divided into several stages, utilizing network devices provided by CIRCE. The data recording spanned more than a week, and the resulting data sets were handed over to CIRCE’s team of specialists, led by Esteban Damián Gutiérrez Mlot, a Computer Science Specialist at Fundación CIRCE.

The analysis of network traffic data was conducted by CIRCE using Malcolm, a powerful network traffic analysis tool suite. Malcolm automatically normalises, enriches, and correlates data for comprehensive analysis, providing robust visibility into network communications through two distinct interfaces: OpenSearch Dashboard, which offers flexible data visualisation, and Arkime, a tool designed for identifying and analysing network sessions related to suspected security incidents. For threat detection, Malcolm processes network packets through two Intrusion Detection Systems (IDS), Zeek (formerly Bro) and Suricata.

Figure 2 Threats detected in inbound traffic

The bar chart (Figure 2) provides an overview of the attack types detected within the network traffic. The most prevalent category is scanning, which indicates reconnaissance or probing and accounts for a significant number of detections, followed by a substantial number of HTTP attacks. Lower-frequency categories, such as denial of service, execution, discovery, and defence evasion, are particularly concerning: despite being less common, they demand heightened attention because of their potential severity and specialised nature.

The outbound network serves as the gateway connecting external networks to the vital infrastructure of the electrical substation. Securing this network is paramount to safeguarding the critical processes that form the backbone of the substation’s operations.

Figure 3 Threats detected in outbound traffic

As expected, the outbound network exhibits significantly fewer threats compared to inbound traffic. Nevertheless, it is crucial to secure this area effectively, emphasizing the need for robust security measures to mitigate potential risks.

As a result of this work and the deeper analysis that followed, JSC “Prykarpattyaoblenergo” has developed several technical and software measures to improve the security of the region’s power grids. The effective collaboration of specialists from CIRCE, iSolutions, and JSC “Prykarpattyaoblenergo” within the framework of the eFORT project has provided not only valuable contributions to the project but also advanced, innovative experience and directions for strategic initiatives to enhance the cybersecurity of the Ukrainian DSO.


Contact us

contact@efort-project.eu


Fortifying the Power Grid: JSC Prykarpattyaoblenergo’s Role in Advancing Cybersecurity through the eFORT Project

Early stage of constructing a testbed

The power system is the backbone of the economy, with every sector reliant on a stable supply of electricity. Any disruption can significantly impact essential services such as finance, communication, heating, gas, and water supply. With the proliferation of digital devices and advanced communication systems, the threat landscape for power grids has expanded, posing increased risks of cyber-attacks, data breaches, and other security challenges.

As one of the leading Distribution System Operators (DSOs) and an eFORT partner, JSC “Prykarpattyaoblenergo” recognizes the critical importance of cybersecurity. This is why they are actively participating in the eFORT project, funded by the European Union, to enhance the resilience and reliability of power grids against cyber threats, physical failures, and data protection issues.

Their commitment to innovation and security is demonstrated by their extensive infrastructure: over 26,000 kilometres of power transmission lines, more than 6,700 transformer substations, and the transmission of approximately 2.7 billion kilowatt-hours of electricity annually across nearly 14,000 square kilometres. With a dedicated team of over 3,000 employees, they ensure the provision of reliable power to homes and businesses in the Ivano-Frankivsk region of Ukraine.

Detailing of certain equipment of the test stand

The eFORT project aims to develop technological solutions for detecting, preventing, and mitigating risks and vulnerabilities within power systems. JSC “Prykarpattyaoblenergo” plays a pivotal role as a demonstration site for testing a cutting-edge software/hardware solution designed to encrypt data exchange between high-voltage substations and the grid operator. This includes the Secure Box, which will be tested in a laboratory setting that mimics the operational environment of their high-voltage substations. The testing encompasses both state-of-the-art equipment provided by Schneider Electric and older, yet widely used, equipment in Ukraine’s power grids.

Currently, the DSO is focused on creating and configuring the test bench to emulate the entire substation control chain—from the grid dispatcher’s computer with an active SCADA scheme to the high-voltage switch at the substation. The primary focus is on the command transmission link from the central dispatch centre to the remote substation, where the Secure Box will be installed and tested.

Part of the schematic of a real power grid in the SCADA system for testing

Another significant aspect of the involvement of JSC “Prykarpattyaoblenergo” in the eFORT project is the development of enhanced security designs for high-voltage substations using BIM technology. In collaboration with iSolutions, they conducted a comprehensive three-dimensional scan of the Iltsi Substation 110/35/10 kV, generating a highly detailed point cloud. Based on this data, CIRCE will create a detailed 3D model of the substation to showcase the benefits of the latest BIM methodology in improving substation security design.

In today’s world, JSC “Prykarpattyaoblenergo” is acutely aware of the severe threats posed by attacks on power grid management systems, which can result in significant financial losses and even human casualties. Their active participation in the eFORT project not only contributes to the advancement of critical infrastructure protection technologies but also strengthens the resilience of energy companies against future cyber challenges. This initiative allows the DSO to gain valuable experience from the European Union in critical infrastructure protection, reinforcing their commitment to safeguarding the power grid.

Through these efforts, JSC “Prykarpattyaoblenergo” is at the forefront of enhancing cybersecurity in the power sector, ensuring a more secure and reliable power supply for the future.

