Industrial Cybersecurity in the Electric Grid Operations

86% of Dragos services customers in the electric industry had limited to no visibility into their ICS/OT environment.

Cyber threats continue to increase at an accelerating rate for the electric industry with impacts ranging from potential blackouts to safety events. Utilities facing these challenges cannot undertake the journey alone. Instead, they need to pursue partners and technologies, like Dragos, that support their operational needs and business objectives. By implementing internal network security monitoring (INSM) with the Dragos Platform, asset owners and operators can actively defend their industrial control systems with the world’s most robust ICS/OT cybersecurity technology and the largest team of practitioners who built it.
Case Study

Industrial Strength Cybersecurity for Electrical Substations

In recent years, there has been a continual rise in sophisticated cyber threats to electric grid infrastructure, with the intent of causing significant operational disruptions. Substations are critical components of the generation and transmission of electricity, making them a top target. Cyber attacks, if successful, can disconnect generation and transmission lines, resulting in grid failures and widespread blackouts.

Visualize, Detect, and Respond to Threats against Your Operations


Protect your assets and respond to threats against generation, transmission, and distribution systems — all in one place.

The Dragos Platform provides ICS defenders with unprecedented visibility of their assets and communications, knowledge of threats through intelligence-driven analytics, and prescriptive guidance via playbooks to investigate and respond to incidents.


Gain in-depth visibility of threats electric systems face.

Make global situational awareness part of your comprehensive security strategy with Dragos ICS Threat Intelligence. Receive pertinent reports via email or our online portal, and participate in live quarterly webinars with our deeply experienced team of ICS/OT intel analysts.


Attack electric sector cyber threats from all angles.

Dragos’ experienced Professional Services team can be dispatched to perform a variety of activities that allow you to fully understand your ICS environment, mitigate risks, and respond to threats confidently. Instructor-led ICS training classes are also available year-round.


The clear understanding Dragos has of the environment in which we operate allows us to cut through the hype around many potential industry vulnerabilities, so we can focus on the ones that matter most as we look after vital infrastructure and ensure supply to our customers.

National Grid

Known Activity Groups Targeting Electric Systems

The electric industry is a prime target for adversaries seeking to exploit industrial control systems environments. An attack can happen at any point across the major stages of operations. To help protect your infrastructure, Dragos tracks eight activity groups targeting the electric sector and will continue to update this list as more information becomes available.

CHERNOVITE (since 2021): CHERNOVITE has the capability to disrupt, degrade, and potentially destroy industrial environments and physical processes in industrial environments.
ERYTHRITE (since 2020): ERYTHRITE is an activity group that broadly targets organizations in the U.S. and Canada with ongoing, iterative malware campaigns.
KOSTOVITE (since 2021): In March of 2021, the activity group KOSTOVITE compromised a renewable energy operator.
PETROVITE (since 2019): PETROVITE demonstrates Stage 1 of the ICS Kill Chain capabilities and targets mining and energy operations in Kazakhstan.
Since 2019: VPN compromise of IT networks to conduct reconnaissance
Since 2014: Known to facilitate operations leading to disruptive ICS attack
Since 2019: Focused on physical destruction and long-term persistence
XENOTIME (since 2014): Focused on physical destruction and long-term persistence
ELECTRUM (since 2016): Electric grid disruption and long-term persistence
DYMALLOY (since 2016): Deep ICS environment information gathering, operator credentials, industrial process details
MAGNALLIUM (since 2017): IT network limited, information gathering against industrial orgs
RASPITE (since 2017): IT network limited, information gathering on electric utilities with some similarities to CHRYSENE
PARISITE (since 2017): VPN compromise of IT networks to conduct reconnaissance
WASSONITE (since 2018): IT compromise and information gathering
ALLANITE (since 2017): Watering-hole and phishing leading to ICS recon and screenshot collection
CHRYSENE (since 2017): IT compromise, information gathering and recon against industrial orgs
