Russia accused of burrowing into US energy networks

Russia has been accused of so many things recently, it’s easy to lose track.

This week the Department of Homeland Security (DHS) added cyber-intrusion and surveillance of the US critical infrastructure sector to the growing list of accusations – in a move that might have been missed by commentators had it not come packaged with sanctions connected to alleged interference in elections.

Posted as an alert on US-CERT, this one matters. Anxiety about the probing of the energy grid goes back years but this is the first time the US has formally accused another country, Russia, of being behind such incidents.

Until now, the public alerts have been coy about attribution. Not this time:

Since at least March 2016, Russian government cyber actors targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

Although it didn’t appear that any disruption had taken place this time, the incident pointed to menacing intent:

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.

Coming only weeks after the US and its Five-Eyes allies joined forces to condemn Russia for last year’s global NotPetya malware attack, the report looks like another signal of a changed strategy.

Only days before, the UK Defence Secretary Gavin Williamson warned that Russia’s attitude to the UK might include wanting to:

Damage its economy, rip its infrastructure apart, actually cause thousands and thousands and thousands of deaths.

Attack reports traditionally include technical detail but without naming names. Now, it’s as if the US and UK have decided to play Russia at its own game of information war, exposing them in as much detail as possible.

What used to be the Russian defence of plausible deniability has morphed remarkably quickly into an even stranger form, that of implausible deniability, a world where Russia plays the role of default culprit.

The strangeness of this isn’t that fewer believe Russia’s denials but that it’s sometimes as if the Russian Government takes perverse satisfaction from notoriety, like a movie gun-slinger proudly showing off wanted posters naming the high price on his head.

Exposing a country’s bad behaviour is about playing the long game, exposing a pattern that includes two alleged cyberattacks on Ukraine’s energy sector in 2014 and 2015 that led to power outages.

For the first time, it’s being suggested that the US and UK might contemplate cyber-retaliation in kind, which seems unlikely given that the US simply has more to lose compared to a Russian economy that is smaller than some US states.

But there is another way of understanding alleged Russian cyber-incursions against the US and others – everyone is vulnerable. The internet’s inter-connectedness has become the ultimate leveller, perhaps more so than any conventional military weapon.

Cyberattacks on infrastructure show us how everyone can be hurt – the US, the UK, of course, but also ordinary Russians too.