Gas pumps empty, factories on the east coast shut down: In May 2021, some places in the USA suddenly ran out of fuel. Hackers had paralyzed an important pipeline and demanded a ransom to get the systems running again. The attack on the Colonial Pipeline company prompted the government to declare a state of emergency. At the time, the attackers said they only wanted money. The attack is not a political action. But the case showed once again that it is possible to paralyze critical infrastructures with digital means - and what consequences that can have.
Now, during the Russian war of aggression in Ukraine, the question of how well secured critical infrastructures are - in the USA, but also in Europe - is all the more important. Because the war is not only fought locally, but also online. On the first day of the war, numerous government websites in Ukraine went down, which in turn blamed Russia – even if such attributions are difficult to prove in the case of digital attacks. Security firms have also reported attacks on Ukrainian systems using so-called wiper malware, which can erase all data. Ukraine, in turn, mobilized a cyber army of volunteers that shut down Russian websites.
 |
| Twitter Reverses Its Tab System |
So far it seems to be more about a demonstration of power and uncertainty. In any case, Russia's war against Ukraine is not as digital as some experts expected. But that does not mean that critical infrastructure such as the power grid or water supply cannot also become a focus of the war. Experts believe that such an attack from the Russian side is quite possible. In Ukraine, Russian hackers attacked energy companies in 2015, leaving more than 100 cities without electricity for hours. Now there is concern that such actions could be repeated. And not just against Ukraine, but against all states that have imposed sanctions on Russia.
fear of failure
"What if Russia launches a colonial pipeline attack on steroids?" asked cybersecurity expert Nicole Perlroth at the South by Southwest (SXSW) tech conference on Sunday. Even then, an internal report by the Department of Energy showed that the US economy could only have endured the failure of the pipeline a few days longer. "And now imagine a coordinated attack on several pipelines in the country," Perlroth said. The message: The consequences could be catastrophic.
 |
| iPhone SE 2022: As Powerful As ... |
In the 60-minute conversation Cyberwar 2022: From Eastern Europe around the World, she and her fellow speaker, cybersecurity expert Jonathan Reiber, painted a serious picture of the situation: "In the cybersecurity industry, everyone is more afraid than ever," said Perlroth. The United States is particularly vulnerable. More than 80 percent of the country's critical infrastructure is in the hands of private companies and some of their networks are poorly protected and run with outdated software. In fact, it was reported that the Colonial Pipeline hack succeeded thanks to a single password and the lack of two-factor authentication. Russia already has access to many systems, Perlroth said. There is no question that the country could attack the USA if it wanted to. "You certainly can," Perlroth said.
What if Russia launches a colonial pipeline attack on steroids?
The assessments of the two are also remarkable because they are closely linked to the US government. Perlroth works as a consultant for the US Department of Homeland Security's Cybersecurity Division; she previously wrote for the New York Times as a cybersecurity reporter for a decade. Reiber is senior director for cybersecurity strategy at AttackIQ, an IT security company. Under President Barack Obama, he was chief strategy officer for cyber policy at the Department of Defense and authored the first two United States national cyber defense strategies. Both Perlroth and Reiber do not officially speak for the government; but they know the apparatus from the inside – and presumably also its problems.
 |
| Restrictions On Forwarding Messages |
In Europe, Reiber sees the situation a little less dramatically than in the USA. Some European countries are a little better prepared than the USA, for example Great Britain, he said after the discussion in an interview with international press. In the UK, the government has passed a £2.6 billion cyber strategy and is planning new legislation to get businesses to take cybersecurity seriously. Countries that have long felt the threat posed by Russia have also invested large sums in IT security, such as Estonia. NATO has also made progress.
When software has security flaws, it puts all the companies that use it at risk. And even if the systems are technically well secured: People work in companies, and people can make mistakes. For example, by accidentally clicking on a link in a spam email that they use to download malware onto their computer. Or by entering their password on a fake website without realizing it, which attackers then pick up and infiltrate into the systems. This is called social engineering in technical jargon. These very targeted attacks on companies are often about stealing data and penetrating the systems so far that, if necessary, they can be infected with malware and paralyzed.
 |
| TikTok And The War In Ukraine |
Companies and government organizations therefore not only have to be aware of known threats and security gaps and protect their systems accordingly, says Reiber. They would also have to practice for emergencies and test the systems. He does not skimp on military comparisons: the best navy in the world cannot survive in battle if it is always in port. "We know the tactics they're going to use," he says. "So we should play through these tactics."
Protection is not only important for companies that could be targeted by Russia. Because attacks can also happen accidentally - malware does not always only affect the systems for which it was intended. As far as we know, the Russian hacker group Sandworm used the NotPetya malware to launch a cyber attack on Ukraine in 2017. In fact, however, it overshot the original goal and paralyzed IT systems worldwide, for example at the logistics company Maersk, the US pharmaceutical company Merck and the German companies Beiersdorf and DHL. Such incidents could lead to full-blown cyber warfare in the current political climate. Even a case of a NATO alliance is conceivable : that is, that the moment a NATO country is attacked digitally, the other members jump in.
"Then he lunges at us"
While Germany's government is at least skeptical about so-called hackbacks, i.e. digital counterattacks, there is less reluctance in the USA. Attacks by Russian actors would probably be answered with counterattacks if they took place in a "war context," says government adviser Perlroth. "I think we would respond accordingly."
Do You Know What We Have Posted on
twitter facebook instagram reddit tumblr
The government demonstrated in 2019, among other things, that the USA is also able to attack infrastructure. The United States Cyber Command attacked the Russian power grid and placed malware there. The operation was accompanied by offensive communication. Russia or other actors launching cyberattacks on US targets would "pay a price," said then-President Donald Trump. This poses "a significant risk of an escalation of the digital cold war between Washington and Moscow," Perlroth wrote in the New York Times at the time.
Today she is of the opinion that the warning shot could actually have had a deterrent effect. It is possible that Putin has been rather reluctant to launch cyber attacks so far because he knows that the USA could hit back. "I don't think Putin wants to risk a direct cyber confrontation with the West, in which we switch off each other's power grids," says Perlroth.
However, she is not too sure that it will stay that way. The more the West puts Russia under pressure with sanctions, "the less they have to lose." And that makes cyber attacks against the USA more likely. She refers to a frequently circulated story that, as a child, Putin chased a rat for fun and drove it into a corner. Suddenly the rat counterattacked. According to Putin, the experience was very impressive and shaped him. If Putin is now cornered, says Perlroth, "then he will throw himself at us."
0 Comments