US cyber attack: Did America really try to override the Russian power grid?

Analysis: Reports on a US cyber-op raise as many questions as they answer

Oliver Carroll
Moscow
Wednesday 19 June 2019 05:29 EDT
A security services source claims the US has implanted malware within Russia's power grid (REUTERS)

On Saturday, readers of The New York Times were offered a glimpse of a grave new world of cyber warfare.

The United States had successfully performed offensive operations against Moscow, readers were told, undermining key parts of Russian infrastructure. The details were scarce but astonishing: malware “implants” had been engineered inside the Russian power grid, ready to turn off electricity supply to homes, hospitals and schools at a moment’s notice. The operation, moreover, was kept to a need-to-know basis — with the president kept largely in the dark, lest he spilt the beans to Mr Putin.

The article created a storm at home, not least from the president himself. Donald Trump described it as a “virtual act of Treason” (sic) and its writers — "true cowards." Reaction was excited in Moscow too, with state news agencies describing the dawn of “a new cold cyber war.”

The Kremlin, while insisting its secret services had the matter under control, was largely happy to agree. “This information means there is a hypothetical possibility of cyber war,” spokesman Dmitry Peskov said on Monday.

Yet for all the fear and excitement created by the article, big questions remain about the nature of the US operation it described. Not least: Why was Russia being tipped off about supposedly important US assets in the Russian power grid? Had they been found? If the operation was real, how much did it represent a change in the normal state of affairs? And why was the news being broken now?

Cyber tensions between Russia and the West are not new. The first act of cyberwar assigned to Russia can be traced back to at least 2007, when a decision by Estonian authorities to move a Soviet war memorial provoked weeks of DDOS attacks. Then, Estonian banks, governmental bodies and the media were all targeted. The systems weren’t penetrated, but authorities were forced to disengage from the external internet to free traffic. For several days, those accessing the Estonian web from outside received 404 messages.

Russia’s guilt was never conclusively proven but Toomas Hendrik Ilves, President of Estonia at the time, was far from the only one to put the blame at the Kremlin’s door. The incident was “a massive annoyance” rather than an emergency, he told The Independent. But the lack of an international response laid the foundations for more serious operations later.

These operations, it is alleged, included hacking power grids in Ukraine from 2015 onwards, attempts to infiltrate US civilian infrastructure and the operation to disrupt the 2016 US presidential elections.

Under pressure to take action in response to these alleged attacks, in 2017 Barack Obama made an unusual move by announcing he had ordered retaliatory cyber operations against Russia. The operations were part of a broader set of measures that included diplomatic expulsions, he said, but the cyber part would be kept secret. By that point, US active capability in cyber was already well-known — as early as 2009 it successfully planted malware into Iranian nuclear centrifuges, described by a former CIA director as a game-changer equivalent to Hiroshima — but never before had the cyber capacity been so openly publicised.

It is unclear to what extent these retaliatory operations were ever completed, or how the power grid operation described by the newspaper on Saturday offered any new intelligence capacity. As the New York Times article admitted, power grids have been a "low-intensity battleground for years."

That context would suggest the message was as important as the operation itself, said Philip Ingram, a former British military intelligence officer and cyber expert. At a minimum, whoever leaked the information to the New York Times was “playing with the serotonin levels” of their Russian counterparts, he suggested.

“Every country is looking to develop warfare either by physically doing something or perception that they can do something,” he told The Independent. “The Russians themselves are masters at creating an impression that far exceeds real capacity, whether that be in unrealistic hypersonic missiles or unaffordable next-generation tanks. The Americans, it seems, are simply catching up.”

Saying that software has been implanted on the power grid doesn’t necessarily mean that it has, the security expert added — but what it does "is create doubt and it sets the adversary off on what may be a wild goose chase.”

Arguably the one unambiguous moment of the article is its explicit criticism of President Trump. That the president was not informed of such an operation is permissible under a presidential memorandum he signed in 2018, authorizing quick offensive operations against foreign adversaries. But doubts over the president's ability to handle such information, as expressed by "Pentagon and security sources" in the NY Times article, underline long-running tensions between the White House and wider US establishment.

John Sipher, a former head of CIA Russia operations, told The Independent that he too focused on the assertion that the national security establishment was cutting out the President.

"I can fully imagine that being the case," he said. "Trump is so untethered, ignorant and unable to focus, the majority of the government is probably trying to ... avoid engaging him."

This point has also been picked up by Russian media, who have suggested the leak had been designed to “sabotage” negotiations at the G20 summit.

Russia has itself yet to disclose what it knows about the alleged American power grid operation, if indeed it knows anything at all. On Monday, an unnamed security source gave only a general statement, claiming the Russian security services had managed to “neutralise a growing number of attacks.” On Tuesday, spokesman Peskov offered underwhelming details of a "DDOS attack" on the President’s “Direct Line” Q&A with the nation, the next instalment of which is due on Tuesday.

What is clear is that Washington and Moscow are both signed up to the principle of cyber warfare, if not agreeing on the rules. The road ahead could be as ambiguous as it is fraught.

“Cyberwar is not yet well defined in international law," said Mr Ingram. "When it becomes part of a disinformation operation by whatever side, things become dangerous.”
