Co-operation in protecting electric grid from cyber threats

Featured in Sectra Newsletter, January 2020

The United States and the Baltic States agreed to co-operate in order to protect the Baltic energy grid from network attacks during the upcoming decoupling and desynchronization of Baltic grid from Russia’s electricity network.1

Estonia, Latvia and Lithuania have been members of NATO and the European Union since 2004, but are still due to historical reasons synchronized with Russian electricity network. The countries plan to integrate into the European energy network by 2025. Lithuania confirmed that it is specifically searching for US technology companies to renew its energy systems and to help in fending off possible cyber-attacks.

The Baltic countries are working together in order to seek strategic and technical support to strengthen both energy networks and cybersecurity. It is also about political decision-making, strengthening of NATO cooperation, as well as the US foothold in the Baltic Sea Region. It is in the interest of the US to strengthen its role in the critical infrastructure in Europe, and particularly in the Baltic States. Collaboration can also be viewed in the context of maintaining US forward presence in Baltics helping the US to obtain more information on and a better understanding of Russia.2

Collaboration is also important for the EU. The integration of the Baltic electricity network into the EU-wide energy grid will unify the EU electricity grid by removing the Baltic energy island. Furthermore, the co-operation and the US presence in the region will in part secure Baltic Sea submarine cables and provide additional security for other parts of critical infrastructure, such as communications in the region. US cooperation with Baltic countries is also likely to strengthen the cybersecurity of wider European energy networks.

National power grids and energy sector targets are under threat during the on-going geopolitical tensions

The New York Times (NYT) reported back in June 2019 that the United States had installed malware on Russian power grid as a warning and to demonstrate US capabilities and motivation to use more aggressive cyberattacks. Russia, in turn, told that it has detected and rejected the cyberattacks in the United States.3,4

These operations and statements of superpowers reflect global politics. By publicizing the US penetration of the Russian electricity grid, the US tries to establish a cyber-deterrent in a fashion vaguely similar to nuclear age mutual assured destruction – any attack on American targets, such as elections, may lead to counterattack against Russian electric grid. Such attack could also be used in an asymmetric way, for example as a response to a kinetic attack against the US, or its allies.5

It is also good to keep in mind that similar activities against the US power grid has been reported by the US intelligence community for years, latest in January 2019 in the Office of Director of National Intelligence’s (ODNI) Worldwide Threat Assessment of the US Intelligence Community.6 The threat is not an illusionary one, as was clearly demonstrated by actors, namely Sandworm, linked to Russian state in Ukraine back in 2015 and again in 2016.7

To heighten the risk in 2020, cyberattacks, such as using wiper malware, against critical infrastructure and energy sector targets has also been demonstrated by Iran. The recent elimination of Maj. Gen. Qassem Soleimani might embolden Iranians to act more aggressively, such as launching disruptive and destructive attacks, in cyber domain against Americans and their allies with potential for unanticipated second and third order effects.8 These current developments were also reflected in the latest insights released by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), where Iranian threat profile was covered together with risk mitigation measures.9,10

Lesson learned

  • The current geopolitical tensions are increasingly visible also in cyber domain. Global superpowers, and smaller powers trying to punch above their weight, are active in trying to secure their dominance and foothold in cyber domain. Maintaining a persistent access to foreign critical infrastructure is seen as one way of influencing the adversary’s risk calculations and deterring them from making drastic moves. At the same time, defending own infrastructure from adversaries plays an increasingly important role and demands wide co-operation between countries, but also between governments and private sector.


Featured in Sectra Newsletter, January 2020

Related products and services