Substation RTU compromise
Industroyer / CrashOverride (2016) and Industroyer2 (2022) targeted substation automation directly. The attack signature was the unauthorized control write — and the consequence was the lights.
MITRE T0827, T0855

OT integrity for generation, transmission, and distribution — where every relay, RTU, and grid-control PLC is continuously monitored at Level 0/1 against its own learned behavior, anchored on verified firmware and program integrity.
Unauthorized writes to governor or excitation systems can swing frequency or voltage, stress equipment, and create cascading trips.
Coordinated load manipulation across multiple substations can stress system inertia and trigger protective relays in patterns that look like equipment failure.
Substation RTUs, breaker controls, and generation governors all share a property: an unauthorized write at the controller has the same physical effect regardless of how it arrived (insider, compromised engineering workstation, lateral movement). OTegrity catches the PLC-side outcome.
Self-calibrated baselines per substation — relay timing, breaker operations, transformer telemetry — detect unauthorized control writes within seconds.
Direct-from-controller integrity validation on every monitored relay and RTU. Firmware or program changes are detected and alerted in real time.
A behavioral anomaly during an unauthorized firmware change is automatically classified as a Cyber Attack — distinct from equipment fault or operational stress.
A live walkthrough on a process similar to yours — values, rates, timing, relationships, and classification — and how it fits alongside your existing stack.