The war in Ukraine has far surpassed the boundaries of conventional warfare, extending into the realm of cyberspace. The energy sector, in particular, has become a primary target, facing relentless cyberattacks from aggressors. The frequency of these assaults on critical infrastructure has surged fivefold since the onset of the full-scale invasion.
Today, Ukraine faces unprecedented challenges in the energy sector: the loss of control over key industrial assets, continuous attacks on energy infrastructure, and restricted access to essential resources. These factors collectively pose a significant threat to our stability and security.
Moreover, cyberattacks targeting the energy sector can severely disrupt the functionality of the power grid. The primary consequences of such attacks include:
- Service Disruptions: Remote network attacks, ransomware, and malicious software can interrupt essential services such as electricity, gas, and heat supply.
- Data Breaches: Compromise of confidential information can have grave implications for the operations of organizations and the safety of their representatives.
- Financial Losses: The cost of mitigating the effects of a cyberattack can be substantial, both in terms of lost revenue and incurred expenses.
- Reputational Damage: The trust and loyalty of clients and consumers, along with the reputation of an organization, can be irreparably damaged.
Given these challenges, ensuring effective management, timely crisis response, and the secure, coordinated operation of the entire energy sector is critically important.
A comprehensive solution for Ukraine’s energy sector, developed and implemented by the ALESTA systems integration team, is designed to enhance data and information exchange between industry structures, ensuring the uninterrupted functioning of the country and the well-being of its citizens.

Objectives
The primary goal of the project is to improve management efficiency, enable rapid threat response, and ensure the uninterrupted operation of critical infrastructure enterprises by creating convenient, flexible, and reliable tools for informing management about the current state of cybersecurity and energy balance.
The main task is to develop a unified platform for data exchange on cyber threats in the energy sector and to analyze data on energy production and consumption.
Project Background
- High Level of Cyber Threats: In 2023, 19% of all global cyberattacks targeted Ukraine, ranking it second only to the United States. The energy sector has been among the top three sectors in Ukraine that have regularly faced attacks since 2014.
- Challenges in Data Collection and Analysis: Manual processing of all documents from various departments takes up to three business days.
- Interdepartmental Interaction: The lack of a unified system for data collection and analysis complicates the process of responding promptly to challenges.
Solution Selection
After receiving the assignment and conducting interviews with key client representatives, the ALESTA team, which includes cybersecurity, server, and network engineers, initiated a detailed audit of the existing infrastructure.
Based on the collected data, they developed a project plan, defined objectives, key stages, timelines, and resources, and presented it to the client, ensuring transparency and a clear vision for achieving the set goals. They then created a high-level solution architecture, detailed technical specifications, and selected technologies that best met the client's needs. After evaluating options in a test environment, the client chose the optimal solutions for further project implementation in two areas: data exchange and cybersecurity.
Data Exchange and Analysis for Energy Production and Consumption:
Oracle Business Intelligence – a system that provided the tools necessary for the entire analytics process, including data collection and modeling, data preparation and enhancement, as well as their visualization and collaboration, all while ensuring security and management integrity.
Implementing Oracle Business Intelligence enabled the following:
- A unified system of corporate information and reporting for company analysis, regardless of physical location.
- The ability to analyze key performance indicators (KPIs) from multiple sources simultaneously, significantly reducing the time spent searching for necessary information.
- A user-friendly Oracle Business Intelligence interface that allows even non-technical users to easily navigate the system.
- Convenient data visualization that simplifies comprehension and offers a wide range of presentation options from the library.
- Built-in internal analytics, reports, and cross-tables that can be generated at the user interface level without requiring external specialists.
- Access to analytical data and reports anytime and anywhere thanks to Oracle Business Intelligence’s mobile analytics.
- Easy scalability of the solution to accommodate growing business needs.
“This project stands out because the energy sector in Ukraine has not previously implemented such approaches to automating the centralized exchange of operational, critical, and statistical data. The introduction of Oracle BI has opened new possibilities in this area by providing a fully functional business intelligence platform, including interactive dashboards, highly informative reports, specialized self-service analytics, data integration, and convenient administration—all within a modern web architecture. This is a versatile platform capable of addressing various data collection and analytical processing tasks across the energy sector, with the flexibility to scale according to growing needs and adapt to changes.” – Andriy Sheremetiev, Pre-sale Engineer, Server Solutions Department, ALESTA
Cyber Threat Data Exchange:
MISP (Malware Information Sharing Platform) – a platform that provided the collection and processing of information on cybersecurity incidents (hashes, names, addresses, etc.) and allowed for real-time information sharing among sector entities.
Palo Alto Cortex XDR – a platform that enabled threat detection and response in information security by aggregating and analyzing data from various sources, such as network traffic, endpoints (computers, servers), cloud services, and others, for automated threat detection and response.
The implementation of MISP and Palo Alto Cortex XDR provided the following:
- Faster and more accurate identification of new threats thanks to MISP’s extensive database of cyber threats, which Cortex XDR utilizes to improve detection, analysis, and response.
- A more comprehensive view of cyber threats, enhancing situational awareness and enabling quicker identification of complex attacks.
- Reduced resource strain on the security team due to automated data collection and analysis processes.
- Faster adaptation to new types of attacks and the implementation of appropriate protective measures.
- More precise threat analysis, improving the quality of threat prediction and response.
“In this project, one of the critical tasks was to select solutions that not only integrate easily with each other but also provide the most comprehensive and timely information about existing or potential threats. The combination of MISP and Palo Alto Cortex XDR is an excellent example of such synergy. MISP is effectively the standard for sharing cyber incident data. It is used by key European and Ukrainian threat analysis centers, enabling us to receive information from 'first-hand' sources. In the client’s environment, Cortex XDR provides maximum threat analysis and protection capabilities. In summary, the combination of these solutions creates an effective and reliable protection mechanism that meets modern cybersecurity requirements.” – Roman Rozumey, Lead Cybersecurity Solutions Engineer, ALESTA
Project Outcomes
The implementation of a comprehensive data exchange platform based on MISP, Palo Alto Cortex XDR, and Oracle Business Intelligence solutions, along with a series of training sessions by the ALESTA team and post-implementation support for the client over the following months, significantly improved workflows among energy sector branches:
- Reduced Response Time to Cyber Incidents: The ability to instantly notify and respond to cyber threats in real time allows for prompt measures to prevent and minimize impact.
- Rapid Information Exchange: Building a unified network for sharing cyber threat information between different representations enhances the overall cybersecurity level in the sector.
- Decreased Time for Cyberattack Investigation: The new solutions have significantly reduced the average time spent on investigating each incident.
- Availability of Information for Decision-Making: Quick access to relevant data enables management to make more informed decisions based on accurate and reliable metrics.
- Increased Productivity: Simplified data access allows employees to complete their tasks more quickly.
- Data Reliability and Unification: Automated processes reduce the likelihood of human error in data collection and analysis, as well as eliminate data fragmentation and duplication.
- Reduced Reporting Time: Automatic report generation reduces the time required to prepare them.
We are proud to be part of these changes and hope that this success will serve as an example for the Ministries and critical infrastructure enterprises in Ukraine, who also need to ensure their cybersecurity and optimize management in line with modern requirements. Information and data play a crucial role in strategic decision-making today. Our goal is to ensure the security and reliability of data transmission, and we are always ready to support our clients at every stage of this process. Our expertise allows us to provide optimal solutions aimed at sustainable development and increased efficiency, both in business and the public sector.
“Today, Ukraine’s energy sector faces a multitude of challenges that require prompt responses. The implementation of MISP, Palo Alto Cortex XDR, and Oracle Business Intelligence systems has been a crucial step in enhancing cybersecurity and the efficiency of our work. We are grateful for the high level of professionalism and responsibility with which this project was executed and are confident that the chosen solutions will form the foundation for our continued development and stability.” – Client Representative