We must tackle winter cyberthreats in Europe head-on – Politico

Jamie Collier is an associate fellow at the Royal United Services Institute and a senior advisor on threat intelligence at Mandiant. Jimmy McCall is a research fellow in cyber threats and cyber security at the Royal United Services Institute.

The recent leaks from the Nord Stream natural gas pipeline show the weakness of European energy infrastructure. However, in addition to these physical threats, the continent must also prepare for the possibility of an uptick in cyber attacks this winter.

There will be a lot of doom-mongering about these potential cyber threats to energy supplies as we approach the colder months, but now is the time to prepare, not panic. European governments and energy providers alike must take the opportunity to plan for the potential dangers that lie ahead.

So, what kinds of cyber threats might the continent face as temperatures drop?

European energy suppliers are an obvious target for Russian state-sponsored groups, as cyber operations provide an opportunity to put pressure on countries participating in sanctions against Russia, or currently reducing their dependence on Russian energy. Like other actions below the threshold of armed conflict, such cyber operations are also attractive because they come with a veneer of deniability. In the Kremlin’s view, undermining public trust would be just as important as any physical or technical disruption that occurred.

Russia’s aggressive operations have routinely pushed the boundaries of what counts as “acceptable behavior” in cyberspace. For example, Russian cyberattacks against Ukrainian electricity operators in 2015 and 2016 caused power outages in the depths of winter. Additional destructive malware with the ability to stop operations, sabotage industrial processes, and disable safety controls to cause physical destruction has also been discovered since the start of the invasion.

Besides these devastating operations, Russian intelligence agencies and their partner front companies are likely to spread false narratives through information operations as well. These campaigns seek to take advantage of internal tensions, to provoke panic and division. In this context, concerns about European energy supplies and cost-of-living pressures could be played up to put more pressure on European governments looking to distance themselves from Russian energy.

Additional threats may also come from cybercriminals, many of whom operate with tacit consent, and even encouragement, from the Russian state. Cybercriminals may have had financial motives in the first place, yet Five Eyes security and intelligence agencies have warned that several Russian ransomware operators have pledged support to the government. These groups have a proven track record of targeting key sectors and services – as shown by the cruel targeting of healthcare providers in the US and Europe during the pandemic – making the energy sector an obvious target in the coming months.

A major concern here will be disruption of physical processes, such as energy sensors, gas stations, generators, and power grids. In February, for example, a ransomware attack affected operations at several major oil port terminals in Belgium, Germany and the Netherlands – a similar incident affecting gas stations during the winter months could cause significant disruption. And while we can be encouraged by the fact that manual safeguards are increasingly being put in place to reduce the impact of cyberattacks, the power sector remains vulnerable.

These threats are serious and will require a proactive response in the coming months to avoid any disruption. However, fear should not paralyze us, because we have the agency to meet these challenges head-on.

For example, NATO has already warned: “Any deliberate attack against critical Allied infrastructure will be met with a unified and resolute response.”

Although such warnings are welcome, there is still enough ambiguity regarding NATO’s possible response to a cyberattack to embolden the Kremlin. Additionally, normative and deterrence-based restrictions have had a limited impact on ransomware operators thus far – as evidenced by the ruthless targeting of critical infrastructure in recent years.

Therefore, these policy responses must be combined with an ongoing focus on building operational resilience. Rather than simply trying to prevent attacks, European energy suppliers should also be able to recover quickly, should they occur.

In this regard, European leaders and energy operators should look to the Ukrainian experience for inspiration. Besides blaming Russia, Ukraine’s long-term efforts to build cyber resilience help explain the lack of highly disruptive cyber activity since the start of the invasion. The country’s cyber-defenders and private sector partners demonstrated this clearly in March and April, when they thwarted Russian attempts to cause a power outage via a cyberattack that would have affected two million people.

The apparent effectiveness of Ukraine’s cyber resilience illustrates two lessons for the transatlantic community this winter:

First, we need to cultivate deep and meaningful operational partnerships across both government and industry. Policymakers often talk about the need for information exchange and public-private partnerships in the field of cybersecurity. But rather than just high-level commitments to cooperation, it is now time to build much deeper working relationships between NATO members, cybersecurity vendors and European energy operators. This means getting deeply involved in the operational realities of network defenders.

Building resilience must go beyond protecting power sector grids – developing resolve will be just as important. Many cyber operations targeting the energy sector will eventually seek to alarm the European community and undermine support for Ukraine, and in the face of cyberattacks and disinformation campaigns, European citizens must remain united.

If we buy into the narrative of fear, we are doing the Kremlin’s work for it. Instead, it’s time to plan and tackle winter cyber threats in Europe head-on.
