We must tackle Europe’s winter cyberthreats head-on – POLITICO

Jamie Collier is a Research Fellow at the Royal United Services Institute and Senior Threat Intelligence Advisor at Mandiant. Jamie MacColl is a Cyber ​​Threat and Cybersecurity Research Fellow at the Royal United Services Institute.

The recent Nord Stream gas pipeline leak demonstrated the vulnerability of Europe’s energy infrastructure. Yet, in addition to these physical threats, the continent must also prepare for the prospect of increased cyberattacks this winter.

These potential cyber threats to energy supplies will bring plenty of bad luck as the colder months approach – but now is the time to prepare, not panic. And European governments and energy providers should focus on whether to plan for the potential dangers ahead.

So what kinds of cyber threats could the continent face as temperatures drop?

European energy suppliers are an obvious target for Russian state-sponsored groups, as cyber operations offer a chance to pressure countries participating in sanctions against Russia or currently reducing their dependence on Russian energy. Like any other measure below the threshold of armed conflict, these cyber operations are also appealing because they are painted under a veneer of denial. And from the Kremlin’s perspective, undermining public trust will be just as important as any physical or technical disruption caused.

Russia’s aggressive operations have already regularly pushed the boundaries of what is considered « acceptable behavior » in cyberspace. For example, Russian cyberattacks on Ukrainian electricity operators in 2015 and 2016 caused blackouts in the dead of winter. And other destructive malware capable of shutting down operations, sabotaging industrial processes, and disabling security controllers to cause physical destruction has also been detected since the invasion began.

Beyond these destructive operations, Russian intelligence agencies and their associated front companies are also likely to spread false narratives through information operations. These campaigns seek to capitalize on domestic tensions, causing concern and division. In this vein, worries about European energy supplies and cost-of-living pressures could be fanned to impose more pressure on European governments seeking to wean themselves off Russian energy.

Additional threats can also come from cybercriminals, many of whom operate with the tacit approval, if not encouragement, of the Russian state. Cybercriminals may be primarily motivated by money, but security and intelligence agencies Five Eyes have warned that many Russian ransomware operators have pledged to support the government. And these groups have a history of targeting key sectors and services – as shown by their ruthless targeting of healthcare providers in the US and Europe during the pandemic – which makes the energy sector a target. evident in the coming months.

A major concern here will be the disruption of physical processes, such as energy sensors, gas terminals, generators and power grids. In February, for example, a ransomware attack affected the operations of several major oil port terminals in Belgium, Germany and the Netherlands. A similar incident affecting gas terminals during the winter months could cause significant disruption. And while we can be encouraged that manual safeguards are increasingly being put in place to minimize the impact of cyberattacks, the energy sector remains vulnerable.

These threats are serious and will require a proactive response in the coming months to avoid any disruption. Yet we should not be paralyzed by fear, for we have the agency to meet these challenges head-on.

On the one hand, NATO has already warned that « any deliberate attack on Allies’ critical infrastructure will lead to a united and determined response ».

While such warnings are welcome, there is still enough ambiguity about NATO’s potential response to a cyberattack carried out to embolden the Kremlin. Moreover, prescriptive and deterrence-based restrictions have so far had limited impact on ransomware operators, as shown by the ruthless targeting of critical infrastructure in recent years.

Such policy responses must therefore be combined with a constant focus on building operational resilience. Rather than simply trying to prevent attacks, European energy suppliers must also be able to recover quickly, should they occur.

In this regard, European leaders and energy operators should learn from the Ukrainian experience. Beyond simply blaming Russia, it is Ukraine’s long-term efforts to build cyber resilience that explain the absence of highly destructive cyber activity since the invasion began. The country’s cyber defenders and private sector partners demonstrated this clearly in March and April, when they foiled Russian attempts to cause a blackout via a cyberattack that reportedly affected 2 million people.

The apparent effectiveness of Ukraine’s cyber resilience demonstrates two lessons for the transatlantic community this winter:

First, we must cultivate deep and meaningful operational partnerships between government and industry. Policymakers often pretend to talk about the need for information sharing and public-private partnerships in cybersecurity. But rather than settling for high-level engagements to simply collaborate, now is the time to build much deeper working relationships between NATO members, cybersecurity providers and European energy operators. This means engaging deeply with the operational realities of network advocates.

Building resilience must also go beyond simply protecting energy sector networks – building resilience will be equally important. Many cyber operations targeting the energy sector will ultimately seek to disrupt European society and undermine support for Ukraine, and in the face of cyber attacks and disinformation campaigns, European citizens must remain united.

If we subscribe to a fear narrative, we are doing the Kremlin’s job for it. Instead, it’s time to plan and directly combat Europe’s winter cyberthreats.