From Russia with Love

It’s fairly safe to say that unless you’re living under a rock, you’re probably aware of the escalating conflict between Russia and Ukraine, so I thought I would share my $.02 on the denial-of-service attacks against several U.S. airport websites that took place earlier this week, and why they are more significant than people may realize. I don’t have any agenda for writing this, other than to share some knowledge, and hopefully to educate some folks while they enjoy reading a LinkedIn post on my favorite subject: cybersecurity.

On the surface, it almost appears to be an innocuous incident. The usual “parry and joust” of world leaders rattling their sabers at one another as a reminder that they mean business, right? But this small “shot across the bow” is actually a powerful and provocative gesture, and a not-so-polite reminder of the actual motives of Russian nation state actors, which I will expand on below.

If Stuxnet has taught us anything, it's that attacks that extend past the traditional network and impact SCADA, DCS, and PLC type controls are of the gravest concern. For those not “in the know,” think of SCADA, DCS, and PLC as computerized industrial technologies for things like manufacturing, water treatment, gas and oil pipelines, ships, space stations, and the like. Another way to imagine it is that your personal computer has a lot of computing power, but information is processed very slowly with limited throughput. Industrial processes, by contrast, require massive amounts of data to be instantly computed, for example the computers used to land a plane or for fly-by-wire.

Enter SCADA. The first ever instance of an attack against SCADA was a virus called “Stuxnet,” which was likely a cooperative project between the U.S. and Israeli governments to co-develop a virus that could be dropped into the network of the Natanz nuclear facility in Iran and spread to Siemens industrial machines meant for refining and enriching uranium to cause damage and wreak havoc. Why? It was believed that Iran was in violation of the nuclear energy pact with the U.S. and was attempting to develop nuclear weapons. So, an extraordinary and unprecedented solution was devised to sabotage their progress.

“John, what the heck does that have to do with some guys in Russia attacking websites and what does that have to do with me? Get to the point – full stop.”

This impacts you (us) because the offending hacker collective, Killnet (and the GRU in general), have an end game which is much more sinister than small website service denials. This is evidenced by Killnet’s statement following the incidents claiming responsibility for the attacks and proclaiming their intention of attacking critical infrastructure soon.

Russia's underlying cyberwar strategy is to be able to wage a sweeping technology offense capable of crippling western infrastructure at a moment’s notice. The primary targets? Energy, communications, and logistical infrastructure, and healthcare systems, so that they can blend hot war (conventional warfare) with cyberwar (weaponized cyber attacks to the level of sophistication that they can cause mass fatality incidents or chaos).

Imagine being able to remotely take control of a plane's computers that are used for landing or for maintaining altitude. Or to be able to attack a hospital’s medical equipment, rendering patient care impossible. These horrifying scenarios are much more in alignment with the playbook Russia is writing.

Will this happen? Hopefully not, but tensions are high and the ongoing war in Ukraine gives way to the realest threat of a conflict between the U.S. and Russia since the Cold War. The geopolitical landscape is changing rapidly for the worse. And the threat does loom over all of us and has the potential to escalate rapidly.

Hope this was an educational read and my apologies for any grammatical or typographical errors. This post was an impromptu “to whom it may concern,” driven by my passion for cybersecurity. It was not carefully read or edited.

Thanks for sharing John Sweeney! Great insight on the very real #cybersecurity threats on a global scale.
