Europe's grid is under a cyberattack deluge (politico.eu)
16 points by wjb3 on Nov 26, 2023 | 7 comments


"Birnbaum has reason to fret. A recent report from the International Energy Agency found the average number of cyberattacks against utilities each week more than doubled between 2020 and 2022 worldwide — with 1,101 weekly attacks registered last year."

Not questioning the attacks per se, but the problem with this kind of reporting is that there are no commonly agreed definitions and hence no one believes any of these numbers.

"“It is clear that these attacks come from the East: the Russian Federation and non-democratic countries,” he added."

Without putting evidence on the table, I am not sure whether this kind of quasi-attribution is helpful; it may easily turn into fear-mongering and alter the public perception.

"The challenge is that the operating systems used by Europe’s grids are up to 40 years old, said Swantje Westpfahl, director of the Institute for Security and Safety think tank, meaning they’re “very hard to patch” if there’s a problem. Energy suppliers are often still figuring out how to secure both operations and information systems (OT and IT) and make sure they work with trusted partners in their supply chains."

"Equally, as grid networks increasingly digitalize, “it’s really hard to find” cybersecurity experts to match the growing cyber risks, Westpfahl added."

These are real problems, yes.


> Without putting evidence on the table, I am not sure whether this kind of quasi-attribution is helpful; it may easily turn into fear-mongering and alter the public perception.

Cyber attacks are notoriously hard to attribute, due to the many anonymisation techniques available.

However, there are some smoking guns. The timing is a huge one, and it matches Russia's normal MO. Ukraine has been "punished" with attacks on their grid ever since they started looking for EU accession.

And there's the alignment of known groups with the techniques they commonly use (see the MITRE ATT&CK framework). And HUMINT sources of course, these are often large operations and will leak. But it's not the kind of information you want to make public.

Often there are also indications in the malware, such as auto-disabling when Cyrillic keyboards are detected.


Sure; I don't disagree as such. Merely pointing out the dangers involved. Note also the deception with these so-called smoking guns, i.e. I wouldn't really trust that much any "hints" found inside APT's malware.


True but really it's part of the Russians' MO to leave traces.

They will scream in your face denying it but at the same time they make sure there is no doubt about who is behind it. After all, it's a message and there's no point to it if it's not clear who 'sent' it.

This is reinforced even more by the fact that their attacks are annoying pinpricks (and many of them) but not really debilitating. Cleverly skirting the limits of an act of war. I doubt they'd actually kill our entire power grid even if they could (and I do believe they could, they have a lot of experience at this, and as the article states our security is still shit).


>True but really it's part of the Russians' MO to leave traces.

The mere existence of the Vault 7 toolbox means that you can no longer, in good faith, make this argument. Ever again.

For reference:

https://sociable.co/government-and-policy/intelligence-agenc...

and:

https://wikileaks.org/ciav7p1/

See also:

https://news.cgtn.com/news/2023-05-04/China-issues-report-on...

Please avoid making baseless claims about the 'evidence' left behind by "other countries' hackers" as there is absolutely no basis to believe any of this evidence, ever again. One can simply not trust the claims of evidence of hacking being proffered - by anyone, let alone the US' own utterly vile intelligence agencies.


> After all, it's a message and there's no point to it if it's not clear who 'sent' it.

If they want to be attributed, then it is not deception, right? In that case, it is interesting why it is so; here we'll probably move into the grander hybrid game, including the propaganda war, which also brings the risks I mentioned in case it is deception and you misattribute.


You wonder why it’s so essential the power grid is connected to the internet in the first place.



