CYBERWATCH FINLAND
SNAPSHOTS OF ENERGY INDUSTRY
Text: PASI ERONEN, international security analyst and consultant
NATIONAL POWER GRIDS AND ENERGY SECTOR TARGETS ARE UNDER THREAT DURING THE ON-GOING GEOPOLITICAL TENSIONS

The New York Times (NYT) reported back in June 2019 that the United States had installed malware on the Russian power grid as a warning and to demonstrate US capabilities and motivation to use more aggressive cyberattacks. Russia, in turn, said that it had detected and repelled the United States' cyberattacks.1,2 These operations and statements by the superpowers reflect global politics. By publicizing the US penetration of the Russian electricity grid, the US tries to establish a cyber-deterrent in a fashion vaguely similar to the nuclear-age doctrine of mutual assured destruction: any attack on American targets, such as elections, may lead to a counterattack against the Russian electric grid. Such an attack could also be used in an asymmetric way, for example as a response to a kinetic attack against the US or its allies. Moreover, making such information public also sends a message that Russia is not safe, even if it tries to establish an ability to detach itself from the worldwide internet at will. Lastly, being more open about cyber capabilities can be traced back to the recent changes in the American cyber posture, which has become more proactive in the domain.3
It is also good to keep in mind that similar activities against the US power grid have been reported by the US intelligence community for years, most recently in January 2019 in the Office of the Director of National Intelligence's (ODNI) Worldwide Threat Assessment of the US Intelligence Community.4 The threat is not an illusory one, as was clearly demonstrated by actors linked to the Russian state, namely Sandworm, in Ukraine back in 2015 and again in 2016.5 To heighten the risk in 2020, cyberattacks against critical infrastructure and energy sector targets, such as those using wiper malware, have also been demonstrated by Iran. The recent elimination of Maj. Gen. Qassem Soleimani might embolden Iranians to act more aggressively in the cyber domain against Americans and their allies, for example by launching disruptive and destructive attacks, with potential for unanticipated second and third order effects.6 These current developments were also reflected in the latest insights released by the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA), where the Iranian threat profile was covered together with risk mitigation measures.7,8