The Russia-Ukraine/U.S. geopolitical rivalry in Europe is now spilling onto a new battlefront—cyber space and critical infrastructure.
On February 12, Ukraine’s energy and coal industry ministry hinted that Russia was responsible for a series of cyber attacks against the country’s electricity distribution network when saboteurs hacked into the networks of the three power companies in Western Ukraine—Prykarpattya Oblenergo, Chernivtsi Oblenerho and Kiev Oblenergo—on 23 December 2015, which disrupted energy supplies in eight provinces, affecting more than 80,000 people.
The hackers’ attack was well planned and coordinated—simultaneous to the disruption of power supplies, the saboteurs launched a sort of “distributed denial of service” (DDoS) attack on the power utilities’ call centres which prevented people from reporting on the power outage. The electricity was eventually restored, but not before the utilities, incurring the brunt of the irate customers.
Stopping short of directly attributing the attacks to Russia, the Ukrainian officials stated the hackers had used services of a Russia-based Internet company and made calls from within Russia to coordinate the attack. As per investigators, the December 23 attack was in the works for six months, with the hackers resorting to social engineering methods—spear phishing to cull critical information from emails of the targeted group of Internet users—to gain access to the utilities’ computer networks.
Technical analysis of the attacks by Internet security firms has determined that a version of widely-available malware KillDisk may have been used for penetrating the utilities’ computer networks. This version was specifically designed to sabotage the Industrial Control Systems or SCADA (Supervisory Control and Data Acquisition) Systems which are used for managing operations at critical infrastructure. What made the attack even more lethal was KillDisk’s ability—as its name suggests—to wipe or overwrite critical files of the Windows Operating System and computers’ hard disks, causing them to crash. This malware was used in association with a widely-known hacker tool called BlackEnergy, extensively used by the Russian hackers for breaching the energy companies’ computer networks worldwide. It is also suspected to be used for industrial espionage.
The attacks that took place are the first known instance of disruption in power supplies caused by cyber attacks and have certainly amplified concerns on the vulnerability of the critical infrastructure to cyber sabotage. Attribution for cyber attacks is a risky proposition, but the uneasy relationship between Ukraine and Russia ever since the latter took over Crimea in 2014, may bear out the former’s contention. In fact, anti-Russian activists had allegedly sabotaged power lines in November 2015, causing widespread blackouts in Crimea, which may have provided the motive for the Russian hackers attacking Ukraine’s energy grids. Whether this hacking forms part of the larger warfare remains to be seen, but we have seen previous instances where cyber means have been used to achieve larger political objectives, with the perpetrators maintaining deniability:
- In 2014,North Korea accused the United States of attacking its computer networks and shutting down the Internet for many days. This incident followed after the United States accused North Korea of hacking into the Sony Pictures’ servers to steal corporate and employee data.
- In 2009-10, Iran blamed the United States and Israel for launching theStuxnet virus that targeted Iran’s nuclear reactors. In retaliation, Iranian hackers supposedly launched a massive cyber attack on the world’s largest oil company—Saudi Aramco—erasing critical corporate data from its 30,000 computers.
- In 2008, the Georgian government accused Russia of launching DDoS attacks against its computer networks while both countries fought for control over the territory of South Ossetia. The attack had disabled almost 90% of official Georgian website domains.
- In 2007, Russia was suspected of having carried out a series of DDoS attacks on websites of the government, political parties, news organisations, and banks in Estonia.
Fortunately, India has not witnessed a major attack like the above, but that is not a reason for complacency. The country remains a major target of hostile countries and rogue elements, with attacks aimed mainly at its critical infrastructure and stealing sensitive data. To mitigate these cyber threats, India has taken incremental steps by: (a) announcing a broad policy framework in the form of the National Cyber Security Policy; (b) appointing a national cyber security coordinator; and (c) setting up the National Critical Information Infrastructure Protection Centre. Cyber security is also a major item on India’s diplomatic agenda as it has set up cyber security dialogues with countries such as the United States and Russia. It is also set to sign an information security agreement with Russia, aimed at addressing bilateral cyber concerns.
It is clear that, by taking advantage of the attribution problem and cost effectiveness, major cyber powers are investing heavily in offensive cyber capabilities, paving the way for militarisation of cyber space. India, therefore, needs to step up its response and operationalise a cyber security strategy that will take all stakeholders on board and incorporate defensive and offensive capabilities.
Sameer Patil is Fellow, National Security, Ethnic Conflict and Terrorism, at Gateway House.
This blog was exclusively written for Gateway House: Indian Council on Global Relations. You can read more exclusive content here.
For interview requests with the author, or for permission to republish, please contact outreach@gatewayhouse.
© Copyright 2016 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorized copying or reproduction is strictly prohibited.