Fearing a Potential Dark Age
The Consequences of Cyber Penetration
J. PAUL de B. TAILLON
© 2018 FrontLine Security (Vol 13, No 1)

Advertising bombards us with all the ways in which we can make our lives more convenient by using our one “smart” device to network our entire lifestyle. We can lock our front door while sitting in a different country and turn our lights on or off; banking is electronic, few people carry currency any more, and our work depends on the Internet, wifi and power. If there were no power or cyber connectivity, this entire infrastructure would collapse, with no backup to restore life as we know it today.

In December 2016, it was reported that American investigators claimed the power outage that occurred in Ukraine was “caused by a sophisticated attack using destructive malware that wrecked computers and wiped out sensitive control systems for parts of the Ukrainian power grid.” The investigation confirmed what had been theoretical – that cyber warfare can disable the American power grid. This attack, according to Ukrainian authorities, was orchestrated by Russia as a “pattern of undeclared war against its neighbour.”

American experts from the FBI, the Energy Department and Homeland Security assisted Ukrainian authorities in uncovering indications that a malware known as BlackEnergy was employed in a coordinated and concurrent attack, orchestrated by a professional hacker team against six power providers. According to reports, the hackers launched a severe cyber attack that also knocked out the critical internal systems designed to facilitate the restoration of electricity. The collateral damage included many computers destroyed during the attack, and a call centre was also taken out of commission.

A wide spectrum of concerns surfaced for both the Ukrainian and American governments as a result of this brazen attack, as the same malware was found to be resident in some American industrial systems.

Although this was the first reported cyber attack of such magnitude by Russia, it was already well known that its hackers had systematically targeted American interests in the form of Western oil and gas companies, energy investment firms, and others to ascertain whether they could subvert or seize control of the industrial systems that operate these critical energy infrastructures.

By March 2018, these cyber reconnaissance penetrations had evolved to the level of strategic concern when the Trump Administration formally accused Russia of orchestrating cyber attacks that targeted vital American and European infrastructure. These attacks focused on American and European critical infrastructure in the form of nuclear power plants, as well as water and electrical systems. It has been noted that Russian penetration of these assets has exposed their vulnerability to sabotage or shutdown.

Russian state-sponsored cyber warriors were able to penetrate these critical infrastructures and access the vital control systems. Fortunately, these penetrations have not yet resulted in sabotage or the shutdown of plant operations. Interestingly, computer screenshots provided by the Department of Homeland Security gave clear evidence that Russian state hackers have indeed accessed the control systems necessary to manipulate or shut down these critical infrastructures.

According to Eric Chien, security technology director of the digital security firm Symantec, “We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage.” He further explained, “From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation.”

The revelations of these Russian-orchestrated cyber penetrations of critical infrastructures are of serious concern to both Western and American governments, particularly given the series of cyber attacks that paralyzed Ukraine’s government agencies and financial systems in June 2017. These attacks were likely orchestrated by Russian state-sponsored hacking units that have been notably successful in accessing critical infrastructure, in particular the computer networks that support it in Europe, North America and Ukraine.

Intelligence sources indicate that some of these well-trained and experienced hackers work within Russia’s Federal Security Service, known as the FSB, the successor of the Soviet era KGB, while other units operate under the rubric of the GRU (the foreign military intelligence agency of the General Staff of the Russian Armed Forces).

The 2015 and 2016 attacks upon the Ukrainian power supply grid underscore the potential that rests with Russian cyber capabilities, as these attacks resulted in over 200,000 Ukrainian citizens being denied power for an extended period. Analysis of Russian cyber hacks shows that they took a noticeably aggressive turn in December 2015, when their penetrations were no longer seen as intelligence gathering but rather as potentially orchestrating sabotage or shutdown operations that could have catastrophic consequences.

Are we in the West, and in NATO in particular, prepared to effectively undertake and defend against an effective cyberwar? Will NATO’s conventional combined armed force of three million troops (with a massive tank force of 10,000) enable NATO’s countries to effectively fight traditional warfare and the cyber battles of the future?

Today, we live in a perennial state of conflict within the cyber sphere. Cyber warfare, in real terms, can plunge a modern 21st century nation-state into a state of medieval darkness that could have seriously disturbing long-term consequences, including for national or societal survival. A pre-emptive strike in the form of a well targeted mass cyber strike, and its cascading consequences, could impart devastating and irreparable destruction on the fabric of a society.

The primary responsibility of Western governments is the safety and security of their citizenry. It is thus incumbent upon them to ensure that such cyber penetrations are identified early so that such attacks are effectively neutralized or rebuffed. Just ponder the 50 million people who lost power in 2003 due to a blackout across the northeast United States and Canada. Although this was reported as a natural event, it proves how devastating, and really quite simple, a coordinated attack can be. The disruption reached the very basics of everyday life, as food perished due to a lack of refrigeration, and bank machines no longer functioned.

A Library of Parliament report on the blackout stated: “Canada’s gross domestic product fell by 0.7% in August; there was a net loss of 18.9 million work hours; and manufacturing shipments in Ontario were down $2.3 billion.”

It was an abrupt lesson for many in North America on the potential issues should there be no power or cyber access for an extended period of time.

The 2015 takedown of the Ukrainian electrical grid, leaving 225,000 people without power, followed by Russian hackers orchestrating a blackout of a large part of Kiev a year later, provided further evidence of the devastation cyber hackers can cause. Although the target was isolated to one country, the domino effect on those trying to work with Ukraine was felt worldwide. Should enough localised pockets experience a disruption or loss of service, the impact would be far wider, given the global network of which we are all now an integral part.

These salient experiences underscore the urgency of securing our critical infrastructure from state and non-state actors – who now openly seek to disrupt or destroy our respective nations. The failure to do so puts at risk our 21st century cyber world and our entire “smart” way of life.
