Electricity-generating companies and financial institutions in Western nations — including Canada and the U.S. — could face cyber attacks from Russian-based groups starting next week, warns the head of a Canadian think tank.
The trigger would be a decision by the Russian Duma to approve a request from two break-away regions of Ukraine to be recognized as independent nations, said Brian Hay, president of the Mackenzie Institute.
If that happens, NATO would likely impose financial sanctions on Russia, he said, and Russia would respond with cyber attacks on NATO countries.
Canada and the U.S. “conceptually” understand the cyber threat, he added, but neither nation has hardened its electrical infrastructure enough.
“There could very well be a very significant uptick in aggressive cyber activities next week and beyond to disrupt the financial systems in Western counties, and potentially even electricity systems,” Hay said.
“If it doesn’t happen next week it will happen soon thereafter as this whole situation escalates.”
According to a report this morning from the Reuters news agency, that Monday, Feb. 14th vote may be delayed. It quotes a Duma speaker saying the body may decide to first ask the Foreign Ministry and other government agencies for feedback on recognizing the two regions, which would delay a vote.
In January the Canadian Centre for Cyber Security issued a cyber threat bulletin to critical infrastructure organizations here, following similar alerts issued by its U.S. and U.K. counterparts. The warnings come a week after a Russian-based threat actor allegedly attacked computer systems in Ukraine. Russia has amassed an army on Ukraine’s border.
“I’m not trying to get people in a panic mode,” Hay added. “I’m just saying be prepared. Run your [incident response] plans now, don’t wait for the event to happen.”
UPDATE: Asked for comment, the Canadian Bankers Association said that banks here are security-mature organizations and are widely recognized for their leading cyber security practices. “Their highly-skilled IT security teams use advanced technologies to safeguard their operations and keep their customers’ money and data secure. Banks also work closely with government departments and agencies, law enforcement and other strategic partners to share intelligence and align their efforts in countering cyber threats.”
ITWorldCanada also asked the North American Electricity Reliability Corporation (NERC) for comment.
Related content: NERC reported more cyber incidents in 2020
Two breakaway elements of Ukraine, the Donesk and the Luhansk regions, want the Russian Duma to recognize them as independent states. “If that becomes the case, then Russia will have effectively extended its borders further west into Ukraine,” Hay said, “which will upset both Ukraine and NATO because while Ukraine is not part of NATO they are allied as a prospective member.”
“Putin has said ‘we are not going to invade Ukraine’. But by defacto recognizing the two republics that are trying to break away by giving them independent status or integrating them into Russia, they will in effect partition Ukraine. They will move troops in. Bottom line, they will have moved troops in without invading Ukraine.”
The United States and NATO have said they will sanction Russian President Vladimir Putin and his leadership if that happens, possibly even cutting Russia from the SWIFT international banking transfer system. “If that happens, the Russians will react,” Hay argued. “and what they will react with, short of kinetic [conventional] war, I believe, is a very very aggressive series of cyber attacks to do the same thing to the United States and Europe as they have done to them – cut off financial activities.”
Hay agreed attacks on an electricity system would be seen as an act of war. But, he said, Russia would argue that sanctioning its financial system would also be an act of war and justify a response.
He noted a dispute in 2007 between Russia and Estonia where the smaller country’s financial system was “shut down.” In 2016 Ukraine’s power system suffered after a cyber attack.
The attack on Estonia, believed to be one of the first sustained cyber attacks on a nation, led it and other nations to realize the potential of the tactic.