Going Manual: Preparation for a CyberAttack Among Puerto Rico’s Electrical Grid System Personnel

Abstract

This research project was intended to assess the ability for Puerto Rico’s power grid administrative authorities to respond to a cyberattack like the one documented in Ukraine in December 2015 The researcher gathered observations during an on site visit as well as interviews with Puerto Rico’s Power Electrical Power Authority’s ( personnel Two simulations were used to replicate possible attack scenarios 1 a Denial of Service Attack illustrated vulnerabilities in the grid communications infrastructure and 2 informed by the Ukraine scenario, we obtained access to the power networks using spear phishing emails with BlackEnergy malware The attack showed that 50 of email receivers opened the email without knowing that their credentials were being potentially revealed to the attacker