2019 Student Paper Winner / Cybersecurity & Ukraine Power Grid Attack | Standards Michigan

2019 Student Paper Winner / Cybersecurity & Ukraine Power Grid Attack

The First Place winner of the two papers honored in the 2019 ANSI Annual Student Paper Competition is Sam Cohen from Missouri State University. 

Loading
loading...

2019 Student Paper Winner / Cybersecurity & Ukraine Power Grid Attack

December 7, 2019
mike@standardsmichigan.com
No Comments

Missouri State University

Cybersecurity Standards and the 2015 Ukraine Power Grid Attack: Mitigating Catastrophic Cyber Disruptions on Electrical Infrastructure

By Sam Cohen
Missouri State University DC Graduate Campus
Georgetown University

Abstract: The 2015 attack on Ukraine’s power grid represented the first publically documented cyber incident disrupting electrical utility and power distribution control systems. While the
incident was temporary, it impacted critical services supporting 225,000 customers—including businesses, industrial facilities, and government offices. The attack has been recognized as a
highly complex and persistent operation that could have escalated to a significantly larger power outage disaster, threatening long-term essential service disruptions at hospitals, government
facilities, telecommunication sites, and financial institutions. This paper examines how cybersecurity standards developed or approved by organizations such as the National Institute for
Standards and Technology (NIST), the American National Standards Institute (ANSI), the International Organization for Standardization (ISO), the North American Electric Reliability
Corporation (NERC), and the International Electrotechnical Commission (IEC) could have either mitigated or entirely prevented this attack. Specifically, log collection and analysis (NERC CIP007-6 and NIST SP-800-92), external network and boundary protection (IEC 62443-3, adopted as ANSI/ISA 99.03.03), and incident response (NIST-7628 Rev.1 and ISO/IEC 27002:2013) standards are mapped against key cybersecurity gaps that enabled the attackers to compromise and exploit key assets throughout Ukraine. The paper then determines how controls listed in these standards could have assisted cybersecurity and IT staff with the defense of their control systems and supervisory control and data acquisition (SCADA) networks, thereby reducing the destructive potential of the attack and possibly mitigating the disaster altogether. The standards analyzed in this paper are identified for their mitigation utility during the Ukraine attacks, and also for their applicability to any power grid owner or operator aiming to reduce cyber risk.

Issue: [12-78]

Category: Academics, Public Policy

Colleagues: Mike Anthony, Christine Fischer, Paul Green, 

 


LEARN MORE:

ANSI Essential Requirements: Due process requirements for American National Standards. 

ANSI Committee on Education Student Paper Competition

https://www.standardslearn.org/

Missouri State University Department of Defense and Strategic Studies

 

Layout mode
Predefined Skins
Custom Colors
Choose your skin color
Patterns Background
Images Background