US cyber attack: Did America really try to override the Russian power grid?

Oliver Carroll

On Saturday, readers of The New York Times were offered a glimpse of a grave new world of cyber warfare.

The United States had successfully performed offensive operations against Moscow, readers were told, undermining key parts of Russian infrastructure. The details were scarce but astonishing: malware “implants” had been engineered inside the Russian power grid, ready to turn off the electricity supply to homes, hospitals and schools at a moment’s notice. The operation, moreover, was kept on a need-to-know basis — with the president kept largely in the dark, lest he spill the beans to Mr Putin.

The article created a storm at home, not least from the president himself. Donald Trump described it as a “virtual act of Treason” (sic) and its writers as “true cowards.” Reaction was excited in Moscow too, with state news agencies describing the dawn of “a new cold cyber war.”

The Kremlin, while insisting its secret services had the matter under control, was largely happy to agree. “This information means there is a hypothetical possibility of cyber war,” spokesman Dmitry Peskov said on Monday.

Yet for all the fear and excitement created by the article, big questions remain about the nature of the US operation it described. Not least: Why was Russia being tipped off about supposedly important US assets in the Russian power grid? Had they been found? If the operation was real, how much did it represent a change in the normal state of affairs? And why was the news being broken now?

Cyber tensions between Russia and the West are not new. The first act of cyberwar attributed to Russia can be traced back to at least 2007, when a decision by Estonian authorities to move a Soviet war memorial provoked weeks of DDoS attacks. Then, Estonian banks, governmental bodies and the media were all targeted. The systems weren’t penetrated, but authorities were forced to cut themselves off from the external internet to relieve the traffic. For several days, those accessing the Estonian web from outside received 404 messages.

Russia’s guilt was never conclusively proven, but Toomas Hendrik Ilves, President of Estonia at the time, was far from the only one to lay the blame at the Kremlin’s door. The incident was “a massive annoyance” rather than an emergency, he told The Independent. But the lack of an international response laid the foundations for more serious operations later.

These operations, it is alleged, included hacking power grids in Ukraine from 2015 onwards, attempts to infiltrate US civilian infrastructure and the operation to disrupt the 2016 US presidential elections.

Under pressure to take action in response to these alleged attacks, in 2017 Barack Obama made an unusual move by announcing he had ordered retaliatory cyber operations against Russia. The operations were part of a broader set of measures that included diplomatic expulsions, he said, but the cyber part would be kept secret. By that point, US offensive capability in cyber was already well known — as early as 2009 the US successfully planted malware in Iranian nuclear centrifuges, described by a former CIA director as a game-changer equivalent to Hiroshima — but never before had that capacity been so openly publicised.

It is unclear to what extent these retaliatory operations were ever completed, or how the power grid operation described by the newspaper on Saturday offered any new intelligence capacity. As the New York Times article admitted, power grids have been a “low-intensity battleground for years.”

That context would suggest the message was as important as the operation itself, said Philip Ingram, a former British military intelligence officer and cyber expert. At a minimum, whoever leaked the information to the New York Times was “playing with the serotonin levels” of their Russian counterparts, he suggested.

“Every country is looking to develop warfare either by physically doing something or perception that they can do something,” he told The Independent. “The Russians themselves are masters at creating an impression that far exceeds real capacity, whether that be in unrealistic hypersonic missiles or unaffordable next-generation tanks. The Americans, it seems, are simply catching up.”

Saying that software has been implanted on the power grid doesn’t necessarily mean that it has, the security expert added — but what it does “is create doubt and it sets the adversary off on what may be a wild goose chase.”

Arguably the one unambiguous moment of the article is its explicit criticism of President Trump. That the president was not informed of such an operation may be permissible under a presidential memorandum he signed in 2018, authorising quick offensive operations against foreign adversaries. But the doubts over the president’s ability to handle such information, as expressed by “Pentagon and security sources” in the NY Times article, underline long-running tensions between the White House and the wider US establishment.

John Sipher, a former head of CIA Russia operations, told The Independent that he too focused on the assertion that the national security establishment was cutting out the President.

“I can fully imagine that being the case,” he said. “Trump is so untethered, ignorant and unable to focus, the majority of the government is probably trying to ... avoid engaging him.”

This point has been picked up by Russian media, who have suggested the leak was designed to “sabotage” negotiations at the G20 summit.

Russia has itself yet to disclose what it knows about the alleged American power grid operation, if indeed it knows anything at all. On Monday, an unnamed security source gave only a general statement, claiming the Russian security services had managed to “neutralise a growing number of attacks.” On Tuesday, spokesman Peskov offered underwhelming details of a “DDoS attack” on the President’s “Direct Line” Q&A with the nation, the next instalment of which is due on Tuesday.

What is clear is that Washington and Moscow are both signed up to the principle of cyber warfare — meaning the road ahead could be as ambiguous as it is fraught.

“Cyberwar is not yet well defined in international law,” said Mr Ingram. “And when it becomes part of a disinformation operation by whatever side, things become dangerous.”