Analyzing the 2015 Ukraine power grid cyber-attack: a quantitative assessment of adversary behavior and impact

The security of critical infrastructures, such as power grids, water treatment facilities, transportation networks, financial systems, and communication networks, is essential for social stability. These systems deliver vital services, but are increasingly reliant on digital control mechanisms, making them vulnerable to cyber threats. A successful cyberattack on any of these infrastructures could lead to widespread disruptions, significant financial losses, and in severe cases, risks to public safety. An effective cyber-security risk assessment process requires structured methodologies that identify vulnerabilities and anticipate adversarial behavior. Traditional risk assessment approaches rely on static and qualitative analyses that focus on known vulnerabilities and configurations, but lack dynamic attack simulation. In contrast, formal modeling and simulation-based techniques provide a quantitative framework to analyze possible attack paths and their likelihood of success. Among these formal methods, the ADVISE (ADversary VIew Security Evaluation) formalism offers a structured approach to assess cyber threats from the perspective of an adversary. This paper explores the application of the formal security evaluation framework, ADVISE, to model and analyze the 2015 Ukraine Power Grid cyber-attack. It specifically highlights the impact and the importance of the execution timing of the attacks, the adversary capabilities, and the effects of countermeasures throughout the progression of cyber-attacks. This framework simulates attack dynamics and quantifies the security risks associated with the Ukrainian Power Grid, thereby complementing the qualitative analyses conducted in previous studies.