A Decade After the First Cyber Attack on Civilian Power Infrastructure: Lessons, Evolution, and Imperatives 

On December 23, 2015, a threat group successfully disrupted power in Western Ukraine, marking the first confirmed cyber attack to cause power outages in civilian infrastructure. Join Robert M. Lee (CEO, Dragos) and Tim Conway (Technical Director of ICS/SCADA Programs, SANS Institute) — who helped lead the investigations into the 2015 and 2016 Ukraine incidents—as they reflect on this event that fundamentally changed how the world understands cyber risk to critical infrastructure.

This retrospective webinar examines the 2015 and 2016 Ukraine attacks from the perspective of those who investigated them firsthand. Lee and Conway will explore why these attacks were significant not just to Ukraine, but to electric utilities, critical infrastructure operators, and industrial organizations worldwide. They'll discuss how the threat landscape has evolved over the past decade, share critical lessons learned from the investigations, and outline key imperatives for securing the infrastructure that enables daily life and human advancement. 

This is an educational session for the OT cybersecurity community, offering historical context, technical insights, and actionable guidance for building resilient critical infrastructure defenses in an era of persistent, sophisticated threats. Lee and Conway will welcome questions at the end of the webinar in an interactive Q&A.