Power Grid Vulnerabilities from the Perspective of Hybrid Influence

Text | Konsta Fagerlund, Petteri Partanen

Power grids are among the most critical infrastructures in modern societies, and their disruption can quickly affect everyday life, public safety, business continuity and national security. This article discusses how hybrid influence can exploit vulnerabilities in physical infrastructure, power distribution networks and organizational practices. The discussion is based on the NATO-funded R-GRID project, a Laurea master’s thesis and expert workshop materials.


Introduction

A power grid is a complex system that has a broad impact on various sectors of society. State and other malicious actors may attempt to destabilize the system without a military strike, i.e. kinetic engagement. In this context, kinetic engagement refers to the use of physical force, such as military strikes or sabotage, instead of purely cyber, informational or organizational means (see Silobreaker s.a.). This article is written in the framework of the “R-GRID – AI Algorithms for Power Grids” project, hereafter referred to as the project. The article is based on Konsta Fagerlund’s thesis “Hybrid Threats to Power Grid: A Case Study on Vulnerabilities in the Power Grid” (Fagerlund 2025) and project workshop materials. The workshop was held at the Laurea University of Applied Sciences campus in Tikkurila, Finland, on 23 September 2025.

Why Power Grids Matter

In the workshop, Dr. Marcin Lipka presented “the new threat paradigm”, in parallel with which a new “security paradigm” can be introduced (Lipka 2025).

Lipka presented one definition of hybrid threats: “Coordinated and synchronized actions by state and non-state actors that combine military, and non-military means to achieve strategic goals”. According to Lipka, the characteristics of hybrid threats are as follows:

  • Multi-domain (cyber, information, economic, kinetic)
  • Operating below the threshold of open conflict
  • Deliberately blurring the line between war and peace
  • Difficulty in clear attribution (making it hard to identify the attacker)
  • Global scale and evolving tactics (Lipka 2025)

Within the Laurea UAS-led project “EU-HYBNET – Empowering Pan-European Network to Counter Hybrid Threats”, hybrid threats were characterized such that, in addition to Lipka’s characteristics, the central objective of hybrid influencing is to undermine public trust in democratic institutions, deepen unhealthy polarization both nationally and internationally, challenge the core values of democratic societies, gain geopolitical influence and power through harming and undermining others, and affect the decision-making capability of political leaders (Giannopoulos, Smith & Theochariou 2020).

Additionally, unintentional events and accidents, such as those with environmental causes (wind, snow, freezing, floods etc.), must be taken into consideration. The Finnish Security and Intelligence Service has also expressed another perspective in its review “Overview of state espionage and influencing” (Finnish Security and Intelligence Service 2026), stating that not all occurrences are state-induced malicious actions. These unintentional events can be used for hybrid-related information warfare and influencing.

Whatever the reason for the damage or malfunction, the owner or responsible organization should act accordingly, and rapidly. In terms of predictability, unintentional events may be harder to anticipate. As presented in Fagerlund’s thesis, intentional attacks can be connected to increased reconnaissance or to other kinds of increased or exceptional activity or deviations (Fagerlund 2025).

In line with the above, Lipka presented the electric power sector in the workshop as a strategic objective, because the power grid enables all kinds of functions of modern society and disruptions of the power grid cause cascading effects, in which an initial failure in a system triggers a chain reaction of subsequent failures. By attacking power infrastructure, the aggressor achieves the maximum effect at low cost.

R-GRID project

The NATO-funded R-GRID project (2024–2026) (R-GRID s.a.) aimed to resist the abovementioned hybrid and military or kinetic attacks on energy networks by developing an artificial intelligence-based simulator that models possible attacks. The goal was to identify which weaknesses an attacker would most likely exploit and how their effects can be prevented, so that local and wider power outages can be avoided. The simulator helps to reduce damage and to allocate repair resources where they are most urgently needed, in order to keep the whole grid functioning and to minimize the consequences of the attack. As a part of the project, Konsta Fagerlund from Laurea UAS wrote a master’s thesis that concentrated on hybrid attacks against physical power grid infrastructure. Fagerlund’s thesis demonstrates that critical vulnerabilities in the power grid are found not only in individual devices but also in physical infrastructure, data networks, and organizational operations.

Three Methods, One Overall Picture

In Fagerlund’s thesis, the power grid was examined as a qualitative case study. The data was collected through literature analysis, observation of seven power grid substations in Finland and semi-structured expert interview. Combining these methods strengthened the reliability of the results and helped identify vulnerabilities from both a technical and an operational perspective (Fagerlund 2025). At a power grid substation, high voltage is transformed to a lower voltage, for example to the voltage that can be used in homes and businesses.

Interfaces and People as the Greatest Risks

According to the results of the thesis, the risks in the power grid accumulate at points where physical infrastructure, data networks, and human activity overlap. The study focused on substations, as they are one of the most vulnerable areas of the power grid and relatively accessible from the perspective of hybrid influence. At many power grid substations, physical security solutions were inconsistent and varied, and surveillance systems were inadequate. The inconsistency is influenced by the lack of clear guidelines or standards for protecting substations from a security perspective. The construction of substations has mainly focused on occupational and electrical safety, while controls and protections aimed at preventing malicious acts have received less attention. Substations are products of their time; they were not primarily designed to withstand major attacks, such as those carried out with firearms or explosives, let alone kinetic engagement by a military or other capable force. In addition to military threats, terrorism also comes into consideration. (Fagerlund 2025)

If outdated information systems are in use and data networks are poorly segmented, the attack surface increases. The attack surface means the possibilities or vulnerabilities that the respective system offers for an attack. Human factors, skills gaps, and insider threats emerged as key vulnerabilities because personnel have direct access to critical sites. Furthermore, the long delivery times for high-voltage transformers and other nodes prolong recovery from serious disruptions. The lack of protection could be compared to a situation where there is no clear framework for protecting government classified information administratively, physically, or technically. (Fagerlund 2025)

Warning Signs and Preparedness

The research also identified signals that may indicate an ongoing hybrid operation. These include, for example, anomalies in network traffic or unusual attempts to increase user privileges from atypical sources. Based on these, power grid operators can develop alert rules and systematically monitor observations related to infrastructure, data networks, or organizational operations. (Fagerlund 2025)
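One way to turn the privilege-escalation signal above into an alert rule, shown as an added example that is not code from the thesis or the R-GRID project: learn which source hosts each account normally elevates from, then alert on attempts from any other source. The log format, account names, host names and the baseline date are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs):
# timestamp, account, source host, action, outcome
SAMPLE_EVENTS = """\
2025-09-01T08:02:11 op_anna eng-ws-01 priv_elevate success
2025-09-02T08:05:40 op_anna eng-ws-01 priv_elevate success
2025-09-03T09:14:02 op_mika eng-ws-02 priv_elevate success
2025-09-20T02:31:07 op_anna hmi-sub-07 priv_elevate failure
2025-09-20T02:31:19 op_anna hmi-sub-07 priv_elevate failure
2025-09-20T02:31:30 op_anna hmi-sub-07 priv_elevate success
2025-09-21T08:01:55 op_mika eng-ws-02 priv_elevate success
"""

BASELINE_END = datetime(2025, 9, 15)  # assumed end of the learning window

def detect(log_text, baseline_end=BASELINE_END, fail_threshold=2):
    """Alert on privilege elevation attempts from sources not seen in the baseline."""
    known = defaultdict(set)     # account -> sources with successful elevation in baseline
    failures = defaultdict(int)  # (account, source) -> failed attempts after baseline
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, account, source, action, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        if action != "priv_elevate":
            continue
        if ts < baseline_end:
            # Learn only from successes so failed probing cannot whitelist a source.
            if outcome == "success":
                known[account].add(source)
            continue
        if source in known.get(account, set()):
            continue  # typical source for this account, no alert
        key = (account, source)
        if outcome == "failure":
            failures[key] += 1
            severity = "high" if failures[key] >= fail_threshold else "medium"
        else:
            # Success from an atypical source is worse when failures preceded it.
            severity = "critical" if failures[key] else "high"
        alerts.append((ts_raw, account, source, outcome, severity))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```
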

In conclusion, the thesis emphasizes integrated risk management, harmonized physical protection solutions, sharing of situational awareness, and close cooperation between network operators and authorities. The results of the study could be directly utilized in R-GRID simulator scenarios and provide energy companies with a concrete basis for prioritizing security measures and resources. (Fagerlund 2025)

Towards a New Security Paradigm

Lipka introduced a new threat paradigm related to the silo model and, further, the isolation paradigm. In the silo model, different interdependent vertical (security) functions or domains are divided into silos that are not well coordinated: there is a lack of communication between the silos, and operational understanding is fragmented. This can also be called a new security paradigm in which, due to commercialization, the security governance mechanisms are scattered, responsibilities are not clarified, and response capabilities are low and uncoordinated. All this together creates a strategic vulnerability.

Acknowledgements

This article is written as a part of the “R-GRID – AI Algorithms for Power Grids” project, funded by the NATO Science for Peace and Security Programme. Laurea is part of the consortium with the Polish Association for National Security, the Ukrainian Institute for the Future and IDEAS NCBR.

Generative AI has been used for language editing of this article.

References

URN http://urn.fi/URN:NBN:fi-fe2026060362924
