Ukrainian state power distributor Ukrenergo announced on Tuesday its plans to invest up to $20 million to boost its cybersecurity.
According to Reuters, chief executive Vsevolod Kovalchuk said the company is working to implement a new cyber defense system by 2020, including new software and “administrative actions.”
In a briefing, Kovalchuk told reporters that Ukrenergo and international consultants had identified roughly 20 threats – however, all would be neutralized with the new system.
“We have developed a new concept of cyber security whose key goal is to make it physically impossible for external threats to affect the Ukrainian energy system,” said Kovalchuk.
The Kyiv-based company has been a top target for cyber-attacks in recent years.
In December 2015, attackers used stolen user credentials to remotely access and manipulate the industrial control systems, successfully shutting off power for 225,000 people in western Ukraine.
One year later, hackers hid in Ukrenergo’s IT network for months, acquiring privileges and studying the company’s infrastructure before knocking the power offline.
“The team involved had quite a few people working on it, with very serious tools and an engineer who understands the power infrastructure,” said a cybersecurity researcher assisting in the investigation at the time.
Furthermore, in June 2017, Ukrenergo was among the first victims of the infamous NotPetya ransomware outbreak that spread around the world, which impacted thousands of machines, factories and offices, across 60 countries.