On December 23, 2015, the Ivano-Frankivsk region of Western Ukraine suffered a major power cut that left more than 230,000 residents in darkness. The outage lasted no longer than six hours, but its effects lasted longer.
This blackout was the first successful cyber attack on a power grid, and it followed hackers gaining access to control network systems. In the two and a half years since, threats of further cyber attacks on electrical systems have continued around the world. Computer experts have therefore warned that similar attacks on Western electrical systems could prove deadly.
US cities are the newest victims of this kind of cyber attack: officials of the Department of Homeland Security (DHS) report this week that electrical control rooms had been infiltrated by Russian hackers. Russia is the same country that Ukraine blamed for the 2015 cyber attack.
An analyst at the agency reported that the hackers claimed ‘hundreds of victims’. According to The Wall Street Journal, which first reported the claims made in the federal briefing, the hackers had the skills to cause blackouts globally. This is not the first time the US has accused Russia of ongoing cyber hacking operations against major infrastructure: a joint report by DHS and the FBI in March claimed Russian intrusion.
Russia has denied both the Ukraine attacks and the US accusations, and neither victim has offered proof that directly implicates Russia. Regardless of the source of the attacks, experts have dismissed the likelihood of the immediate threats suggested in most recent reports.
Robert Lee, a former National Security Agency (NSA) cyber expert who was consulted during the investigation of the 2015 Ukraine attack, says that the word ‘blackouts’ was misused given what actually happened in the US power grid. Lee told The Independent, “What we observed between 2016 and 2017, which is the time period the DHS is referring to, was essentially reconnaissance.” He continued, “The adversaries were stealing sensitive information such as screenshots of sensitive screens and components in the industrial networks. It was alarming but would not have resulted in blackouts or the scenarios being described.” The type of data collected is important for hackers in the early stages of developing attacks, and the attack on the Ukrainian system serves as a dry run for more serious attacks on the US.
Beyond the traditional air, sea and land routes of attack, cyber attacks have also become a route of attack. Given all the previous cyber attacks, it is now clear that for interconnected societies these types of activities are ‘simply the new reality’, says Ross Rustici, Senior Director of Cybereason, a Boston-based cyber security firm.
In terms of the costs of traditional warfare, the approach has the advantage of being destructive, secretive and incredibly disruptive. Beyond power grids, hackers can also cause huge damage to water and sewage treatment systems, transportation systems and even industrial chemical production plants. Access to control systems could not only allow hackers to disrupt critical infrastructure but could also cause physical damage, from explosions at overloaded power plants to cities flooded with sewage by reversed pumps.
Rustici told The Independent, “These systems are poorly defended and have the largest capacity for real-world effects.” He further warns: “The next true interstate war will include these types of actions and right now there isn’t a single country that has sufficient defenses to prevent a determined adversary from being successful.”
Synopsys’s Director of Solution Management, Ofer Maor, says, “It is hard to set a limit on the potential damage hacking industrial control systems can lead to… Imagining an attack that causes a blackout is simple but imagine a case where the vulnerability in a power plant’s control system can be used to bypass load limitations, driving the power plant to work overtime, leading to an explosion, or reversing a sewer pump to overflow sewers across an entire city.”
Coalfire, a global cybersecurity consultancy firm, has been monitoring this serious issue, and the company’s UK Managing Director says that the end goal may be the hackers’ expected motivation.
Barratt told The Independent, “It’s impossible to rule out cyber warfare, given that it’s hands-down a more cost-effective theatre of battle.” He continued: “Nation states or other organizations no longer need to deploy a nuclear sub to a country’s coastline when they can either take down sections of its energy grid or worse, override safety features and cause explosions or other damage within production plants.”
Another possibility is that commercial cybercriminals are behind the attack: they profit from the data they collect by extorting the victims or by selling important data to other parties. This sort of data collection poses a more harmful threat to the victims through dark web markets. Hackers in these shady forums are backed by nation-states, which allows them to pose a serious danger to rival states through cyber attacks on critical systems.
Barratt says, “Whether it is power grids or other vital infrastructure, these systems are a matter of life and death and you don’t need a wild imagination for attacks on them to start sounding like the plot of a Hollywood blockbuster.” He also stated, “If these were attacked, the reality could be very severe. Lives would be at risk.”
What are Russia’s intentions behind this cybercrime? Doubt and disruption serve as an immediate weapon developed by the Kremlin against the US, in matters ranging from Donald Trump’s presidential campaign to Vladimir Putin’s dismissal of US envoys from Moscow.
This scheme is part of a modern theory of warfare first laid out in 2013 by General Valery Gerasimov, Chief Executive of Russian Armed Forces. In an article published in a military trade magazine, Gerasimov described a shift in doctrine from traditional large-scale warfare to a hybrid form. It is an ‘asymmetrical’ approach that can successfully hack a rival society rather than just attacking it physically. In the article, he wrote, “Long-distance, contactless actions against the enemy are becoming the main means of achieving combat and operational goals.”
Gerasimov says, “The very ‘rules of war’ have changed. The role of non-military means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness.” His 2000-word article was published just a year before cybersecurity researchers described a hacking team that some analysts have linked to Russia’s intelligence service. Several high-profile cyber attacks have already been linked to the team, with targets including the White House, the World Anti-Doping Agency and French television.
The penetration of US systems by Russian hackers may not necessarily be a precursor to further cyber attacks. One significant interpretation of the Gerasimov Doctrine is that the simple knowledge that hackers are inside such systems creates enough doubt and disruption to be a form of warfare in itself.
Forcepoint’s head investigator told The Independent, “It seems safe to assume that even temporary disruption of critical national infrastructure, such as electricity and gas supplies, could have significant and debilitating economic effects.” The head investigator concludes that cybercrime is not a traditional form of warfare. Meanwhile, Rustici reminds everyone that there is more to power disruption than hacking.
Only the intelligence services can be expected to know whether a serious attack is taking place, though experts warn that major attacks would be part of a war between countries.
Rustici said, “The likelihood of this type of activity causing a major disruption is very low.” He continued, “This is a capability that a country should only contemplate using in times of war because there is no walking back from this type of action.”