Following an increase of cyberattacks during the coronavirus crisis, the latest cyberattacks – predominantly on Ukrainian government and infrastructures – shed light on a further aspect of the necessity for a high level of cyberresilience. Cyberattacks targeting essential services have the potential to, inter alia, destroy infrastructure, affect drinking water supply, hamper electricity and telecommunication services, and thereby debilitate states. Digitalisation and interconnectedness of and within key services and infrastructures result in an increased attack surface. From the attacker’s viewpoint, cyberattacks can be carried out more rapidly than standard weapon attacks and are relatively cheap, while defending against them can be costly and difficult.
Unsurprisingly, part of Russia’s attacks on Ukraine is taking place online. While previous attacks on the Ukrainian power grid, a mining company and a railway operator in 2015 and similar attacks were attributed to either a Russian hacking group or the Russian government, the increase of cyberattacks ahead of physical warfare seems to indicate an involvement of the Russian government.
The largest attack on Ukraine in four years took place in mid-January 2022: about 70 government websites were temporarily down. Before the sites went offline, a message warned the Ukrainian people to “prepare for the worst”.
On 23 February 2022, the most sophisticated cyberattack against Ukraine this year began in the form of a mass DDoS attack. In parallel, a “wiper” attack, which destroys data on infected machines, was discovered being used against Ukrainian organisations. Malware known as HermeticWiper targeted Windows devices, manipulating the master boot record, resulting in subsequent boot failure. On 24 February 2022, the news agency Reuters reported activities spreading outside Ukraine, with activity also taking place in Latvia. Russia is denying allegations of involvement in the attacks on Ukraine and Latvia.
The EU has since deployed its new cyber rapid response team, led by Lithuania, to help defend Ukraine from cyberattacks. The cyber rapid response team (CRRT) is a project under the EU Permanent Structured Cooperation (PESCO). CRRTs allow Member States to help each other to ensure a higher level of cyber resilience and collectively respond to cyber incidents. They pool participating Member States’ experts and will be equipped with commonly developed deployable cyber toolkits designed to detect, recognise and mitigate cyber threats.
With Latvia claiming ‘activities’ taking place in Latvia, we would like to raise awareness of the latest initiative of the EU in terms of preparedness against cyberattacks on essential and critical infrastructures: In June 2021, the EU Commission proposed a Joint Cyber Unit to step up response to large-scale security incidents. The aim is to prepare for a collective response, increase the sharing of information and offer assistance in recovering from cyberattacks. The Commission Recommendation (EU) 2021/1086 of 23 June 2021 on building a Joint Cyber Unit forms an important step forward to complete the European cybersecurity crisis management framework and constitutes a concrete deliverable of the EU Cybersecurity Strategy and the EU Security Union Strategy. The Commission is proposing to build the Joint Cyber Unit through a gradual and transparent process in four steps, in co-ownership with the Member States and the different entities active in the field. The aim is to ensure that the Joint Cyber Unit will move to the operational phase by 30 June 2022 and that it will be fully established one year later, by 30 June 2023. In the future, the Joint Cyber Unit will establish and mobilise the aforementioned EU CRRTs, which currently exist as a cyber project conducted in the framework of PESCO. Under the given circumstances, it is unlikely that the establishment of the Unit will be delayed.
Further information:
- Overview of the EU cybersecurity ecosystem
- Factsheet Joint Cyber Unit
- CISA alert to understand and mitigate Russian state-sponsored advanced persistent cyber threats
- CISA alert on destructive malware targeting organizations in Ukraine