
Issue 16: Cyberwarfare or Cyberterrorism; either way it’s here and it’s real

by Smart Grid Forums on May 28, 2021

Cyberweekly No.16

Cyberwarfare is on the rise and attacks on the power grid are inevitable. With 30+ countries now thought to be developing offensive cyber capabilities, the next attack on the power grid is just a matter of time and political motivation. So how well are your board, your cybersecurity team, and your engineering and operations workforces preparing to combat the next nation state attack on your infrastructure?

Let’s define cyberwarfare. The goal of cyberwar is to weaken, disrupt or destroy another nation through digital attacks causing comparable harm to actual war. Whether we can define the state sponsored cyberattacks we’ve witnessed so far as cyberwar or more accurately as cyberterrorism remains to be determined. As Eugene Kaspersky, Founder of Kaspersky Labs points out: “Within today’s attacks you are clueless about who did it or when they will strike again”.  

Regardless, all the evidence is now pointing to the fact that the power grid will be under more frequent and ferocious cyberattacks in the coming years, and it is no longer acceptable to wait for cyber events to unfold before power grid boards choose to invest in military grade preventative measures to strengthen their cyber defences, boost their 24/7 cyber detection capabilities, and turn up the volume on their cyber incident reporting.

If there is one lesson we’ve learnt from the DarkSide attack on the Colonial Pipeline, it is that naming and shaming the attackers, and not the defenders, is what will strengthen our societal firewall and deter future attacks.

In recent years, we have seen cyberwar play out as denial-of-service attacks, electric grid outages, social media propaganda to skew election results, banking attacks to disrupt economies, and a range of other surprise attacks on critical infrastructure. The US, UK, Israel, China, Russia, Iran and North Korea are currently in the lead with developing offensive cyber capabilities. The better we get to know our adversaries, on a cultural, historical, political, cyber capability level, as well as getting under the skin of their international goals and desires, the better we can predict the types of cyber-attack we are likely to experience, and strengthen our preparedness with laser sharp precision.

Key cyberweapons we can expect to have to fend off in the coming years: 1) Malware, including viruses, phishing, worms, 2) DDoS attacks preventing users accessing critical services, 3) Theft of critical data from governments, institutions, and businesses, 4) Spyware and cyber espionage to threaten national security, 5) Ransomware that holds our systems hostage, 6) Propaganda to cause disruption and chaos in our political system.

One thing’s for sure, a not-so-secret cyber arms race has begun! The power grid must leverage technical advances to strengthen its defences, upskill its people with heightened levels of vigilance, and stay on top of international developments to predict where the next threat will come from and how it will play out. But without contributing to the intelligence pool to help law makers re-define international laws with a strong and clear framework for the do’s and don’ts of cyberwarfare, badly behaved governments will continue to exploit loopholes and wreak havoc on our critical infrastructure and information systems without fear of retribution.

Fortunately, NATO affiliated CCDCoE is working to plug the international law gap, and it is up to us to ensure that we move past the shame of being attacked, and just like the Colonial Pipeline folks, provide full disclosure of our experiences so that we support law makers in setting fair and just frameworks, strengthening the attribution process, and arriving at deterrence, peace, and saving lives and economies.

To assist you in preparing for one of the most malicious cyberwar attack vectors, we are holding a 60-min webinar on Combatting Ransomware Attacks, at 16:00 CET, Wednesday 30th June 2021. To register yourself and your team free-of-charge, please visit the webinar website and book your place today.

Please enjoy this week’s selection of news, views and resources below, and feel free to share this newsletter with colleagues in other departments, and peers in other organisations. 

Kind Regards,



Mandana White
CEO | Smart Grid Forums

News, Views & Resources

REPORT: TechRepublic. Cyberwar and the Future of Cybersecurity.
While standard criminality accounts for the vast majority of cyber threats, the use of the web by state-backed hackers has been widely publicised in recent years. Much of this takes the form of cyber espionage—attempts to steal data on government personnel or on expensive defence projects. While spying on other nations is generally accepted if not exactly encouraged, cyber industrial espionage is something that the US in particular is keen to discourage. But not all state-backed hackers are after industrial secrets. The US has for example regularly warned that the networks which control much of its critical infrastructure—including financial systems and power grids— are probed for vulnerabilities by foreign governments and criminals. This could be seen as nations doing the groundwork for future more dangerous incidents.
To read this report, click here!
REPORT: RAND Corporation. Understanding and Countering Coercion in Cyberspace
In this report we explore case studies of potential cyber coercion for the four nation-state actors the U.S. government has identified as most concerning. For each threat actor, we conducted open-source research to develop an overview of each country’s cyber capabilities and published doctrine on cyber operations and examined open-source literature on the major government-affiliated cyber operations groups. We then reviewed cyber operations that these states are alleged to have conducted against another state or actor.
To read this report, click here!
REPORT: CCDCoE. Autonomous Cyber Capabilities Under International Law.
This edited volume aims to merge the discourses on the application of international law to cyber operations and autonomous systems. To that end, it explores if and how international law differentiates between ‘embodied’ and ‘disembodied’ autonomous systems (that is, cyber-physical systems and software, respectively), what to consider when applying the principles of international law to cyber operations involving autonomous functionality, and how to establish responsibility and accountability.
To read this report, click here!
ARTICLE: FireEye. Shining a Light on DarkSide Ransomware Operations.
Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organisations in more than 15 countries and multiple industry verticals. Like many of their peers, these actors conduct multifaceted extortion where data is both exfiltrated and encrypted in place, allowing them to demand payment for unlocking and the non-release of stolen data to exert more pressure on victims.
To read this article, click here!
VIDEO: City Prepping. Cyber Attacks on Infrastructure Have Begun: What to Expect Next.
The recent Colonial Pipeline Hack is an example of what we can expect in a war that will increasingly spill over into our everyday lives. In this video, we'll explain what happened and what you should expect next.
To view this video, click here!

CyberAware Webinar Series

Click here to watch the replay of the Navigating the Threat-Scape webinar
Click here to watch the replay of the Combatting Social Engineering webinar
Click here to register to the Combatting Ransomware Attacks webinar

Topics: CyberAware