Target: Ukrenergo, Kyiv
Attacker and tooling: Sandworm's CrashOverride malware
Sector: Energy
Impact: One-hour blackout affecting ~234,000 customers
Attack vector: Initial access via phishing or supply-chain compromise (e.g., infected third-party software). The attackers then spend months mapping the grid, escalating privileges, and planting malware in the substation's control systems.
Exploited weaknesses: Weak credentials and inadequate monitoring
BlastWave mitigations: Network cloaking, passwordless access, and segmentation
The 2016 attack on Ukraine's national power company, Ukrenergo, was a follow-up to the 2015 incident.
The attackers (Sandworm/GRU) escalated tactics by encoding the ICS manipulations within software (making them scalable) and executing a denial-of-service attack against digital protective relays. This was the world's first known use of ICS-specific malware to remotely open circuit breakers, a significant escalation from the 2015 Ukraine power grid hack.
Orchestrated by Russian state-sponsored actors amid the ongoing Russo-Ukrainian War, the attack demonstrated sophisticated reconnaissance and automation but was contained thanks to operator intervention and backup systems. No physical damage occurred, but it foreshadowed destructive cyber-physical threats.
This caused a one-hour outage in northern Kyiv and, critically, inhibited restoration efforts by preventing legitimate communications with field equipment, forcing operators to perform dangerous manual restoration actions without full visibility.
BlastWave's solution protects not only the ICS but also the communications channels themselves. The attack's reliance on encoded ICS manipulation and a DoS attack to inhibit restoration would have failed, because it assumed the attacker could flood unsegmented, exposed channels.
With BlastWave, the control system communications and the protective relays would be cloaked. Only authenticated, authorized control packets can reach them, so DoS traffic from the attacker cannot reach the essential systems, preserving the operators' visibility and their ability to restore power safely.
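To make the "only authenticated, authorized control packets reach the relay" idea concrete, here is an added illustrative model of an authenticating gateway placed in front of a protective relay. It is example code written for this page, not BlastWave's product code or any real ICS protocol; the message framing, the sender id `ctrlroom`, the command strings, and the `simulate` driver are all constructed assumptions. The point it demonstrates is that a flood of unauthenticated datagrams, however large, is dropped at the gateway and never consumes the relay's attention, while fresh, correctly tagged operator commands still get through, and a captured legitimate message cannot simply be replayed.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample key store: one authorized sender (the control room).
# In a real deployment keys would come from the gateway's provisioning system.
AUTHORIZED_KEYS = {
    b"ctrlroom": os.urandom(32),
}
TAG_LEN = 32                      # HMAC-SHA256 tag length in bytes
HDR = struct.Struct("!8sI")       # fixed 8-byte sender id + 32-bit sequence number


def build_control_message(sender: bytes, key: bytes, seq: int, cmd: bytes) -> bytes:
    """Frame a control command as: sender id | sequence number | command | HMAC tag."""
    body = HDR.pack(sender, seq) + cmd
    return body + hmac.new(key, body, hashlib.sha256).digest()


class ProtectiveRelay:
    """Stand-in for a field device; records every command that actually reaches it."""

    def __init__(self) -> None:
        self.received: list[bytes] = []

    def handle(self, cmd: bytes) -> None:
        self.received.append(cmd)


class AuthGateway:
    """Admits only authenticated, non-replayed datagrams from authorized senders."""

    def __init__(self, keys: dict[bytes, bytes]) -> None:
        self.keys = keys
        self.last_seq = {sender: 0 for sender in keys}
        self.stats = {"forwarded": 0, "dropped_unauthenticated": 0, "dropped_replay": 0}

    def deliver(self, relay: ProtectiveRelay, datagram: bytes) -> bool:
        """Return True if the datagram was forwarded to the relay, False if dropped."""
        if len(datagram) < HDR.size + TAG_LEN:
            self.stats["dropped_unauthenticated"] += 1
            return False
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        sender, seq = HDR.unpack_from(body)
        key = self.keys.get(sender)
        # Unknown sender or bad tag: the packet never touches the relay.
        expected = hmac.new(key, body, hashlib.sha256).digest() if key else b""
        if key is None or not hmac.compare_digest(expected, tag):
            self.stats["dropped_unauthenticated"] += 1
            return False
        # Strictly increasing sequence numbers reject replays of captured traffic.
        if seq <= self.last_seq[sender]:
            self.stats["dropped_replay"] += 1
            return False
        self.last_seq[sender] = seq
        relay.handle(body[HDR.size:])
        self.stats["forwarded"] += 1
        return True


def simulate(flood_packets: int = 1000):
    """Run a legitimate command, a constructed flood, a replay, and a second command."""
    relay = ProtectiveRelay()
    gateway = AuthGateway(AUTHORIZED_KEYS)
    key = AUTHORIZED_KEYS[b"ctrlroom"]

    # 1. Legitimate status request from the control room is forwarded.
    status_req = build_control_message(b"ctrlroom", key, 1, b"READ_STATUS")
    gateway.deliver(relay, status_req)

    # 2. Constructed flood: random datagrams carrying no valid tag are all dropped.
    for _ in range(flood_packets):
        gateway.deliver(relay, os.urandom(64))

    # 3. Replaying the earlier captured message is refused (stale sequence number).
    gateway.deliver(relay, status_req)

    # 4. A fresh restoration command still reaches the relay during the flood.
    gateway.deliver(relay, build_control_message(b"ctrlroom", key, 2, b"CLOSE_BREAKER"))
    return gateway.stats, relay.received


if __name__ == "__main__":
    stats, received = simulate()
    print(stats)        # {'forwarded': 2, 'dropped_unauthenticated': 1000, 'dropped_replay': 1}
    print(received)     # [b'READ_STATUS', b'CLOSE_BREAKER']
```

The gateway checks the tag before it does anything else, so the cost of an unauthenticated packet is one HMAC computation at the gateway rather than any processing on the relay, which is what keeps the restoration channel usable while the flood is under way. The sequence-number check is a minimal replay defence; a production design would also need key rotation and a way to resynchronise counters after a gateway restart.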
Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.
BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.