Jamie Collier is an Associate Fellow of the Royal United Services Institute and a Senior Threat Intelligence Advisor at Mandiant. Jamie MacColl is a Research Fellow in Cyber Threats and Cyber Security at the Royal United Services Institute.
The recent Nord Stream natural gas pipeline leak demonstrates the vulnerability of Europe’s energy infrastructure. But in addition to these physical threats, the continent must also prepare for the heightened potential for cyberattacks this winter.
These potential cyber threats to our energy supply will wreak havoc as the cold weather approaches. European governments and energy suppliers also need to focus on opportunities to plan for the dangers that may lie ahead.
So what kinds of cyber threats could the continent face as temperatures cool?
European energy suppliers are an obvious target for Russian state-owned groups, as cyberattacks offer an opportunity to put pressure on countries participating in sanctions against Russia and those currently reducing their dependence on Russian energy. Such cyber operations are attractive, as are other means below the threshold of armed conflict. And from the Kremlin’s point of view, undermining public confidence is just as important as any physical or technological chaos caused.
Russia’s offensive operations have routinely pushed the boundaries of what is already considered “acceptable behavior” in cyberspace. A cyberattack caused a power outage in the middle of winter. Since the intrusion began, we have also detected additional destructive malware with the ability to shut down operations, interfere with industrial processes, disable safety controllers and cause physical destruction.
Beyond such destructive operations, Russian intelligence agencies and their affiliated front companies may also spread false narratives through information operations. These campaigns seek to exploit domestic tensions, creating alarm and division. Concerns about pressure on Europe’s energy supply and cost of living could thus be fueled to put more pressure on European governments seeking to wean themselves from Russian energy.
Additional threats can also come from cybercriminals. Many of them operate with the implicit approval or even encouragement of the Russian government. The cybercriminals’ main motivation may be financial, but the Five Eyes security and intelligence agencies warn that many Russian ransomware operators have pledged their support to the government. And these groups have a track record of targeting key sectors and services, as evidenced by their ruthless targeting of healthcare providers in the US and Europe during the pandemic.
One of the main concerns here is the disruption of physical processes such as energy sensors, gas terminals, generators and power grids. For example, in February, ransomware attacks affected the operations of several major oil port terminals in Belgium, Germany and the Netherlands. A similar incident affecting a gas terminal during the winter could cause significant disruption. And while the fact that manual safeguards are increasingly being put in place to minimize the impact of cyberattacks is encouraging, the energy sector remains vulnerable.
Such threats are serious and will require a proactive response in the coming months to avoid disruption. But fear should not paralyze us, as we have the power to meet these challenges head-on.
For example, NATO has already warned that “deliberate attacks on Allied critical infrastructure require a united and decisive response.”
While such warnings are welcome, there is still sufficient ambiguity regarding NATO’s potential response to cyberattacks to provoke the Kremlin into carrying one out. Additionally, prescriptive and deterrent-based restrictions have so far had limited impact on ransomware operators. This is demonstrated by the ruthless targeting of critical infrastructure in recent years.
Such political responses must therefore be combined with a relentless focus on building operational resilience. European energy suppliers must not only be able to prevent attacks, but also be able to recover quickly if an attack occurs.
In this regard, European leaders and energy operators should look to the Ukrainian experience for inspiration. Rather than simply blaming Russia, Ukraine’s long-term efforts to build cyber resilience explain the lack of highly disruptive cyber activity since the beginning of the invasion. The country’s cyber defenders and private sector partners made this clear in March and April, when they thwarted an attempt by Russia to cause, through a cyberattack, a blackout affecting two million people.
The clear effectiveness of Ukraine’s cyber resilience presents two lessons for the Atlantic community this winter.
First, we need to forge deep and meaningful operational partnerships in both government and industry. Policy makers often gossip about the need for information sharing and public-private partnerships in cybersecurity. But beyond just a high-level commitment to work together, now is the time to build deeper cooperation between NATO members, cybersecurity vendors and European energy operators. This means deep engagement with the operational realities of network defenders.
Building resilience must go beyond just securing the energy sector’s networks. Developing determination is equally important. Many cyber operations targeting the energy sector ultimately seek to destabilize European society and undermine support for Ukraine. Even in the face of cyberattacks and disinformation campaigns, European citizens must remain united.
If we agree with the horror narrative, then we are doing the Kremlin’s job.