Russia's Continued Cyber Operations Targeting its Adversaries' Energy Sectors
Abstract
Since at least 2009, Russian cyber actors have reportedly made attempts to gain access to the U.S. energy grid. While the Russian cyber threat actors targeting the energy sector have adapted their tactics, techniques, and procedures (TTP) and evolved their malware to specifically target the energy sector, most companies in the energy sector still have only basic cybersecurity measures in place to protect against attack. Russian cyber actors have not only successfully gained access to the energy sector in multiple countries, they have also used cyberattacks to shut off the electricity to parts of another country more than once and may be preparing to do so again. The purpose of this research project was to determine why Russian cyber operations targeting the energy sector in the United States and other countries continue to be successful and what could be done to counter their effectiveness. This capstone highlighted the vulnerabilities of the energy sector to cyberattack as well as some of the steps being taken to improve the cybersecurity posture of the energy sector. This research project concluded that Russian cyber actors are using common TTP in their attacks on the energy sector, although they continue to evolve their malware to improve its effectiveness, which requires continued research. This capstone also found that Russian cyber actors targeting the energy sector understand the industrial control systems they are targeting and modify their TTP and malware specifically for this target set. This capstone recommended changes to government cybersecurity policy, increased information sharing between government and private cybersecurity experts and the energy sector, increased redundancy for critical systems, and the implementation of recommendations from previous research.
- Publication: Masters Thesis
- Pub Date: 2018
- Bibcode: 2018MsT..........9B
- Keywords: Information technology; Energy