Why this project?
You may be asking: why this project? Over the past years, and with increasing intensity in 2025, power grids have become deliberate targets of hostile actions. These actions take various forms, including physical sabotage, malicious cyber operations, deliberate electricity shortages, or combinations of these methods. Perpetrators range from state actors—including armed forces, security services and intelligence services of hostile third states—to non-state actors such as criminals, radical activists, or other organized groups.
The growing number of attacks against power grids represents a serious security challenge. Because attacks on power grids often result in widespread and long-lasting humanitarian consequences, their impact extends far beyond electricity supply alone. Modern societies are deeply dependent on reliable power for the functioning of healthcare systems, water management and treatment, food production, communications, and other essential services. Disruptions to electricity supply therefore pose systemic risks to societal stability and public safety.
The aim of this project is to raise awareness of this evolving security threat and to mobilize informed policy action. Policymakers and strategic decision-makers must recognize the urgency of strengthening power grid resilience and protection in both the physical and cyber domains. Unprotected or insufficiently protected power grids can lead not only to electricity shortages, but also to cascading failures across multiple sectors, amplifying humanitarian, economic, and security impacts.
This project serves as a live repository tracking attacks on power grids worldwide, capturing incidents involving different actors and occurring under various legal regimes, including peacetime and armed conflict. In situations of armed conflict, certain power grid assets—or parts thereof—may constitute legitimate military targets, meaning that their destruction through kinetic or non-kinetic means does not necessarily constitute a violation of international law. Nevertheless, documenting these incidents is essential for understanding patterns, risks, and broader implications.
As NATO Secretary General Mark Rutte recently stated:
“We are not at war, but we are certainly not at peace either.”
This project responds directly to that reality.
Structure of this repo
This repo is still a work in progress and will grow over time as I continue to organize my research. All materials in this repo are based on open-source information and are analyzed using established engineering, analytical and research methods. The repo is structured into Files and Monitors. Files provide long-term, actor-focused analysis and currently include China Files, Russia Files, and Iran Files, while Monitors focus on ongoing observation and contextualization through the Media Monitor and the Incident Monitor. Not all sections are fully populated yet, and content is being added gradually.
- For now, you can explore China Files, where I focus on threats posed by China to power grids. This section includes, for example, my bibliometric analysis titled China Is Studying How to Hack and Crash Western Power Grids, which provides clear evidence of the Chinese threat to Western power grids.
- Russia Files and Iran Files will be added in the near future and will include analyses related to threats originating from the Russian Federation and the Islamic Republic of Iran.
- In the Media Monitor, you will find contextualized outputs from long-term media monitoring. The plan is to publish my entire media-monitoring archive, covering more than 11 years of content related to power grids, but that will take some time.
- In the Incident Monitor, you will find contextualized outputs related to power grid incidents tied to deliberate disruptive events. This section is also being expanded gradually.
If you’d like to learn more about who is behind this project, visit the Who Is Behind This? section.
Enjoy reading.
Now On
Intro
What’s going on in power grids?
Power grids are increasingly exposed to a wide range of threats that span both the physical and digital domains. Historically, the majority of recorded disruptions to electricity infrastructure have been driven by weather-related events. When focusing specifically on human-driven risks, these have most visibly taken the form of physical attacks, often, but not exclusively, observed in areas affected by armed conflict. These threats remain significant and continue to shape how grid resilience is understood and addressed.
Alongside physical risks, power grids have long been subject to cyber-physical threats. These threats differ in important ways, particularly in their ability to be executed remotely and at scale. Cyber operations targeting electricity systems have been documented for more than two decades, including cases that successfully resulted in power supply disruption.
The 2015 blackout in Ukraine, caused by a cyberattack attributed to Russia, clearly demonstrated the impact cyber operations can have on power supply [1]. Similar consequences can be observed in cyber operations attributed to Iran and its proxies. One example is the incident at Kibbutz Mefalsim, where a local power outage was reported following claims by the Al-Qassam Brigades, the military wing of Hamas, that they had compromised the kibbutz’s electricity control systems [2]. Chinese state-linked cyber campaigns, including the Typhoon operations, have also focused on gaining and maintaining access to power grids. Assessments indicate that this activity was intended to preserve the ability to disrupt at a later stage [3]. This is consistent with research [4] showing that Chinese scientists from universities tied to Chinese military and intelligence organizations actively study Western power system operations and attack pathways, including methods designed to induce cascading failures.
In earlier phases of grid development, such attacks were more difficult to carry out. Limited digitalization and restricted remote access reduced both the attack surface and the potential impact of cyber intrusions. This no longer reflects the current reality of power systems.
Today’s power grids and power resources are highly digitalized and increasingly dependent on public internet connections and remote management services. Distributed energy resources, such as solar, batteries and wind, are now integrated at scale. In some cases, a single technology vendor may retain the ability to remotely manage or influence substantial portions of that installed generation or storage capacity. This introduces new forms of systemic risk, where external interference affecting one vendor can have far-reaching consequences for grid stability.
Despite growing awareness of these challenges, the current environment has yet to reach a level where the physical implications of digitally enabled threats for power system operation are consistently well understood across disciplines. Bridging this gap remains an ongoing challenge and requires sustained engagement mainly between power system engineers, cybersecurity experts, standardization bodies and regulators.
If you use any information from this site in your work, please cite it as:
Langerová, E. The Grid Warfare Project. Curated live repository tracking how power grids are studied, targeted, and exploited in modern conflict. Available at: https://gridwarfare.com/
Acknowledgments
Foundations of Research into Digitalization-Driven Power Grid Threats
Research into a new class of threats emerging from the digitalization of power systems is driven by an outstanding community of researchers, without whose work it would not have been possible to highlight the challenges and begin pushing decision makers for solutions.
Almost everyone working on the topic of digitalized renewables today builds on the research of Willem Westerhof, who was the first to describe a potential scenario in which solar inverters could be abused to trigger a blackout. This scenario became known as Horus and was recently extended into Horus 2.0.
There is also an outstanding commentary by Bert Hubert, who further highlighted the risks posed by cloud-connected solar inverters and the absurdity of their lack of regulation in his article titled The gigantic and unregulated power plants in the cloud.
Complementing this, the DERSec research group continues to maintain a vulnerability and incident tracker focused specifically on distributed energy systems.
After these initial studies were published, a large number of additional researchers joined the effort, building on the early work and beginning to examine more vendors and potential attack vectors. Given their number, it is not possible to list them all here, but they are referenced throughout the articles in the Files and Monitors sections in this repository.
The list of colleagues who are making substantial contributions toward positive change is, however, far broader, and it includes not only vulnerability research but also various efforts toward legislative change and public awareness. Although, for various reasons, it is not possible to name those individuals explicitly, it is important to acknowledge the work of, and insightful discussions with, colleagues from Israel, Lithuania, Austria, Poland, the Netherlands, Italy, Germany, the United States, Finland, Sweden, Spain, Ukraine, Australia, Belgium and the United Kingdom.



