Cyber War: A Digital Alliance Case Is Also Possible

Russian hackers are spreading espionage, blackmail and disinformation across Europe. A cyber war is looming, which could have far-reaching consequences.

Russian soldiers blew up several substations outside the Ukrainian city of Kharkiv, the mayor said. Without them, no electricity flows and water pumps fail. A classic war tactic: you destroy the enemy's infrastructure and deprive soldiers and civilians of vital resources. Militarily this costs little, but achieves a great effect. And it could get worse.

Because Russia has weapons that can paralyze not just one substation, but dozens at the same time. As early as December 2016, they were used for everyone to see. At the time, Russian state hackers shut down 27 Ukrainian plants, and more than 100 cities went without electricity for hours.

There is great concern that such hacker attacks will be repeated and cause tremendous damage, not only in Ukraine but also in other European countries. Even worse: Russian hacking units could turn directly against EU and NATO countries, for example in response to Western sanctions. A scenario with unforeseeable consequences. Shortly before Russian troops invaded Ukraine, Western security circles cited a major hacker attack there as a possible reason for the war. And as early as 2014, NATO decided that a virtual attack on ministries, authorities, electricity producers, gas works or large companies could, just like an attack with tanks or bombers, be a reason to declare the alliance case. In other words: that the NATO countries defend themselves together in the event of a hacker attack. The only question is when exactly this will happen.

The very first day of the war gave an impression of how quickly a small incident can have an international impact. On February 24, an antenna system in Ukraine failed, one of eight European radio stations linked to a satellite called KA-SAT 9A. The satellite belongs to the American company Viasat. Its antennas span a network of radio cells, bringing high-speed internet to many regions of Europe and the Middle East. Initially, the outage only affected the Ukrainian network around the ground station there. But the disruption soon spread to other customers. The cause seems to be a broken software update that installs itself automatically everywhere.

Enercon, a German wind turbine manufacturer, is also affected. Enercon uses KA-SAT 9A to remotely maintain a total of 5,800 wind turbines with an output of eleven gigawatts across Europe. This is no longer possible: after the update, the satellite modems in the wind turbines no longer establish a data connection and are therefore useless. According to the Federal Office for Information Security (BSI), power generation in Europe was never at risk. The wind turbines run in an automatic mode and continue to feed electricity into the grid – at least as long as there is no disruption. However, the modem in every wind turbine has to be replaced, and a technician has to go out on site for every small error to get the turbine going again.

Certainty takes time

Just a technical error - or a hacker attack? The Czech Internet provider INTV, which also uses KA-SAT 9A for broadband coverage and whose network also failed, assumes a targeted attack against the Ukrainian ground station. INTV boss Jaroslav Stritecky said that he had no clear evidence of this, but that the timing and the number of services affected pointed to it. "That was our (unofficial) guess, which was later partially confirmed by the satellite operator," he wrote in an email. The American satellite owner Viasat simply replied that the incident was still being investigated. More than a week after this far-reaching failure, it remains unclear whether Russian hackers are behind it or whether a sloppily programmed software update triggered the error.

The example illustrates how difficult it is to find out who is behind such an incident - whether it is a faulty update or a hacker attack disguised as a faulty update. This uncertainty gives perpetrators a tremendous advantage. They can always deny being involved. And even if involvement is proven, they can claim the failures were an unfortunate accident. Because the attack - if it was one - was aimed at a Ukrainian radio system, not wind turbines and fire brigades in Germany. Or was it? Determining the actual target and the attacker takes time. An immediate counterattack is therefore not an option.

Fragile Systems

It is precisely this uncertainty that alarms professionals, because it makes a cyber war so unpredictable. The infrastructures in Europe are fragile and closely interwoven. In the complex network of thousands of technical systems, an almost unmanageable number of possible points of attack have arisen over time. Small disruptions can quickly have far-reaching effects. At the same time, it is almost impossible to estimate where an attack will have an impact. As in the mathematician Edward Lorenz's example of the flapping of a butterfly's wings in Brazil, which can trigger a tornado in Texas, an attack on an antenna in Ukraine can stop a wind turbine in Emsland or a fire brigade in Brandenburg.

The fragility of the systems and the imbalance between attacker and defender may be the reason why the American government reacted very hesitantly to a proposal from the secret services and the military to respond to the Russian invasion with hacker attacks. On February 24, NBC reported, President Joe Biden was presented with options for cyber warfare against Russia, including disrupting internet connections and power supplies. But a government spokeswoman immediately rejected the request.

IT experts in the federal government were "startled" by this proposal, said one of those involved. After all, in a cyber war, both sides are equally vulnerable. NBC quotes security expert Dmitri Alperovitch of the Silverado Policy Accelerator: "The last thing we want is a cyber skirmish between the US and Russia to see who can destroy the other's critical infrastructure." That could escalate terribly. "In abstract terms, the threat situation has increased, but there are no acute incidents and no indications of attacks," said a BSI spokesman in an interview.

The NATO allies in the Baltic States and in Poland are experiencing this right now. On February 23, a Slovakian security company observed a so-called wiper, a malicious program that deletes all data on the target systems. This malware was targeted at Ukrainian banks and was most recently used to attack a control station on the border with Romania. It was apparently intended to make it more difficult for refugees to leave the country. According to an internal BSI warning, the malicious program has now also been discovered in the systems of service providers of the Ukrainian government in Lithuania and Latvia.

There were also attacks in Poland. State structures there were hacked on February 25, one day after the attack on Ukraine. Unknown attackers tried to break into government mail servers. For the first time ever, the Polish government has raised the cyber alert level to "Charlie," the third of four possible alert levels. In fact, hacking attacks are commonplace. Deutsche Telekom counts between 40 and 70 million attacks every day in its networks alone. The West has lived with infiltration attempts and disinformation campaigns from Russia for many years. "What's new is that we have yet to see a military cyberdoctrine in which cyberattacks are used alongside traditional military force against an equal or near equal opponent," said Alexi Drew, security expert at think tank RAND Europe. "Many of the theories we had about the impact of cyberattacks in modern conflict are now being tested in reality for the first time."

This applies to Ukraine, which experienced massive attacks on the country's digital infrastructure, websites, banks, government and military offices, up until the start of the invasion. Their goal: to spread fear and terror and to shake the public's confidence in their government's ability to act. But Europe, too, must adjust to the fact that hacker attacks no longer only follow the greed of online blackmailers, but also the tactical interests of Vladimir Putin's government. Russian hackers have long since established themselves in the West. The Amsterdam daily Volkskrant reported on Thursday that the military intelligence agency MIVD had uncovered a network of dozens of compromised routers belonging to small and medium-sized Dutch companies. Sandworm, one of the most dangerous and active Russian cyber entities that caused the 2016 Ukraine blackout, has taken control of the routers. Like sleeper cells in the Cold War, the routers waited, unnoticed by their owners, to be activated and used for espionage or sabotage. They had been infected a long time ago with previously unknown malware called Cyclops Blink.

When does skirmish become war?

The Russian state hackers seem to be looking for more loopholes. In one of their internal warnings, the BSI and the Office for the Protection of the Constitution write: "As of today, several NATO partners have seen increased aggressive scanning activities in their networks." Such scans can be used, for example, to search systems for security gaps. The crucial question is: When do the usual digital skirmishes for espionage and information gathering become real sabotage and destruction? So when is the threshold that triggers the NATO alliance case crossed?

"It's just unheard of," said Drew of RAND Europe. Not only is it very difficult to determine factors on the basis of which such a decision can be made: "It is also the policy of many states to be deliberately unclear about what constitutes an act of war in cyberspace and what does not." The opponent is left in the dark so as not to encourage him to dare to approach a defined threshold. In addition, NATO's concept of strategic ambiguity also applies to the Internet. The alliance deliberately stipulated that a hacker attack could trigger Article 5 of the NATO treaty, i.e. the alliance case, and - as with conventional attacks - also deliberately left open when exactly this case occurs.

In a way, the principle of deterrence also applies on the Internet, said Kenneth Geers of the Atlantic Council's Digital Forensic Research Lab. "The West is a formidable cyber power when it acts together," Geers said. Together, the EU and the US are "the only real cyber superpower in the world." Anyone who launches an attack against this power must reckon with a similarly harsh response. And the Russian infrastructure is just as vulnerable as that of the NATO countries, and there are countless technical gaps that can be exploited.

So will Russian hackers be intimidated by the concentrated European-American cyber power? So far, President Putin has ignored every warning from the West. And what if there is an attack that paralyzes electricity, water, gas, air traffic controllers, rail traffic and emergency calls in a NATO country? One that maybe even costs lives? All the experts agree that nothing like this has ever happened before. So far, however, no one has started a cyber war.
