In addition to a physical war, a digital war is being waged in Ukraine. After the Russian invasion and the subsequent sanctions imposed by countries all over the planet, the number of cyberattacks skyrocketed worldwide. This is how Candid Wüest, vice president of cyber protection research at Acronis and adviser to the Swiss federal government on cybersecurity risks, explains it: “Usually the things that people talk about generate emotions and that is when these types of attacks start to happen.”
Wüest, who is a frequent speaker at cybersecurity conferences, stresses that many people have been surprised that the attacks of this cyberwar “are not being as disruptive as most people would have imagined.” He recalls that in 2015 there was a big blackout in Ukraine due to a digital attack. “Attackers, probably Russian, entered the power grid and knocked out power to thousands of homes,” he recounts in an interview conducted at the CyberFit Summit 2022, an event organized in Miami to which EL PAÍS has been invited by the cybersecurity company Acronis.
This attack, which was “really devastating”, caused Ukraine to improve its defense. Since the invasion of Ukraine began, in February 2022, “the only major attack occurred against a satellite provider, taking advantage of the fact that the military used this type of communication.” The incident had collateral damage. In Germany, more than 4,000 wind turbines using satellite communication “stopped being connected”. “They were still producing power, but they could no longer control them,” he explains.
The rest of the attacks have not had “so devastating” consequences. Most are denial-of-service attacks (an attack that seeks to disrupt or crash a website, network, or other online service by overloading it with a high volume of unwanted or false requests). “All the government websites in different countries have been attacked and some are no longer available because they have been bombarded with data junk, because someone has exploited some vulnerability or because the administrator password was weak and they were able to guess it,” he says.
There have also been some data breaches. According to his account, there are some volunteers who call themselves hacktivists who have hacked companies to steal information and leak it. For example, “customer data from many oil or gas companies.” The goal is to “shame them, blame them a bit, point out that they are making a lot of money and try to put pressure on them.”
However, in such a conflict, more catastrophic attacks could ensue. “Most people are afraid that something might explode,” he points out. He gives the example of the Stuxnet virus, a computer worm that in 2010 attacked a uranium enrichment facility in Iran. “They managed to break the entire network and the malware managed to disrupt and damage the centrifuges used for uranium.” Such an attack, according to the expert, could cause radioactive material to spill or even explode: “This would be very bad because nobody wants a new Chernobyl.”
Among the most feared attacks, the expert also mentions the paralysis of the financial market, something that would cause “chaos and disturbance”. “If all the banks are stopped and no one can get money from ATMs or no one receives any salary, that would probably lead to civil unrest,” he says. This situation could be further aggravated “if the water supply and electricity were cut off.”
“Espionage existed before, but now instead of putting a microphone in a politician’s room, they go directly after his mobile”
In October, Russia accelerated its plan to interrupt the energy supply to the Ukrainian population during the cold months. The bombings have destroyed at least 30% of the country’s electricity production plants, according to Ukrainian President Volodymyr Zelensky. If cutting power with a cyberattack were easy, “it probably would have happened by now.”
Added to this is the fact that if a country carries out a cyberattack of this type, “of course there will be a response and, generally, countries do not want that to happen either.” “If somebody turns off all the electricity in Ukraine, probably some other country will respond and they really don’t want that to happen because they are all vulnerable to similar attacks, since all the infrastructure has similar technology, whether they are in Russia or in the United States,” he says.
Protect critical infrastructure
Among the main errors of governments related to cybersecurity, the expert mentions the protection of critical infrastructures, which are sometimes privatized, as is the case of the electrical network in some countries. “The government should support and help these companies that generally don’t want to work with them because they don’t get any benefit,” he explains.
Wüest is part of a group that helps protect Switzerland’s critical infrastructure. Many companies “say they know they have some vulnerabilities, but they don’t have the budget to fix them.” This leaves the government in “a difficult position”: “Should it pay for it?” The expert is not sure which is the best solution. If it pays up, it runs the risk that companies will stop fixing vulnerabilities and ask it for more money. But if it forces companies to pay, “it’s changing the competition.” “I would be telling them that they need to pay a few million more because they didn’t do something in the past and it’s not fair.”
Espionage in the digital age
Politicians also face threats such as espionage. Former British Prime Minister Liz Truss’ personal phone was hacked while she was still Foreign Minister, according to the British newspaper Mail on Sunday. In theory, the cyberspies intercepted confidential messages with international politicians on topics such as the war in Ukraine. “It’s not something new in the digital age, it used to happen before, but now instead of having a microphone in the hotel room, they go directly after your computer and your cell phones,” he says.
Wüest finds it terrifying to think of how much someone can control just by having access to a mobile phone. In the case of a politician, a cyberspy could listen to their conversations and know, for example, “what is being planned, if there will be a wave of attacks somewhere or if they will try to impose some sanctions and try to counteract these actions.” In addition to accessing emails and calendars, a cyberspy could even send text messages: “Technically, you could send one saying ‘we should totally attack this country’ or ‘we should stop applying sanctions to it’ and this is something that could come to happen.”