Evolving Maturity Models for Electric Power System Cybersecurity: A Case-Driven Framework Gap Analysis


Aytekin A., COŞKUN A., DURSUN M.

Applied Sciences (Switzerland), vol.16, no.1, 2026 (SCI-Expanded, Scopus)

  • Publication Type: Article / Full Article
  • Volume: 16 Issue: 1
  • Publication Date: 2026
  • DOI Number: 10.3390/app16010177
  • Journal Name: Applied Sciences (Switzerland)
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Keywords: critical infrastructure resilience, electric power systems cybersecurity, hybrid cyber-physical threats, industrial control systems (ICS), maturity models
  • Gazi University Affiliated: Yes

Abstract

The electric power grid constitutes a foundational pillar of modern critical infrastructure (CI), underpinning societal functionality and global economic stability. Yet, the increasing convergence of Information Technology (IT) and Operational Technology (OT), particularly through the integration of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), has amplified the sector’s exposure to sophisticated cyber threats. This study conducts a comparative analysis of five major cyber incidents targeting electric power systems: the 2015 and 2016 Ukrainian power grid disruptions, the 2022 Industroyer2 event, the 2010 Stuxnet attack, and the 2012 Shamoon incident. Each case is examined with respect to its objectives, methodologies, operational impacts, and mitigation efforts. Building on these analyses, the research evaluates the extent to which such attacks could have been prevented or mitigated through the systematic adoption of leading cybersecurity maturity frameworks. The NIST Cybersecurity Framework (CSF) 2.0, the ENISA NIS2 Directive Risk Management Measures, the U.S. Department of Energy’s Cybersecurity Capability Maturity Model (C2M2), and the Cybersecurity Risk Foundation (CRF) Maturity Model alongside complementary technical standards such as NIST SP 800-82 and IEC 62443 have been thoroughly examined. The findings suggest that a proactive, layered defense architecture grounded in the principles of these frameworks could have significantly reduced both the likelihood and the operational impact of the reviewed incidents. Moreover, the paper identifies critical gaps in the existing maturity models, particularly in their ability to capture hybrid, cross-domain, and human-centric threat dynamics. 
The study concludes by proposing directions for evolving from compliance-driven to resilience-oriented cybersecurity ecosystems, offering actionable recommendations for policymakers and power system operators to strengthen the cyber-physical resilience of electric generation and distribution infrastructures worldwide.