Cyberwar isn’t just coming to the West. It’s already here.
On May 10, the U.S. and European governments formally declared that Russia’s invasion of Ukraine began with a state-sponsored cyberattack on critical communications infrastructure—an attack that spilled over from Ukraine to satellite internet networks throughout Europe. It is a foretaste of disruptions on a global scale, officials have warned, with critical infrastructure like utilities, food production, and emergency services at risk.
In fact, there’s strong evidence that these kinds of attacks have already begun.
A number of wind-power companies fueling Germany’s rapid transition away from Russian energy have recently experienced cyberattacks that took some systems offline. Off the record, Western governments placed blame on Russian military intelligence services for an alarming hack that disabled Viasat, a major satellite company based in California that Ukraine, wind-energy utilities, and many other European companies use for internet service.
Nation-state attacks on critical infrastructure predate the war, of course. The North American Electric Reliability Corporation (NERC) found a 170 percent increase in ransomware activity targeting power companies from 2019 to 2020. And on a recent episode of 60 Minutes, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said that Russia is almost certainly planning to attack U.S. infrastructure directly, and that organizations—and all of us—need to brace ourselves for the inevitable….
“[Oldsmar] was an example of improper isolation of data communications and weak authentication from the water plant control room out to the internet,” says Bill Moore, CEO and founder of Xona Systems, which focuses on OT security. The Oldsmar facility did not employ multifactor authentication, compounding the problem. In an analysis, CISA said Windows TeamViewer software based on the widely used remote desktop protocol (RDP) was a critical weakness that allowed hackers to infiltrate the treatment plant. Moore notes that RDP is the top weakness that ransomware attacks exploit to this day.