“US Ramps Up Online Attacks on Russian Power Grid, NYT Says” – TTG

Walrus has already started an engaging conversation on this subject. As someone deeply involved in the early development of DoD cyber operations, I wanted to add my two cents from a different angle. I am not as horrified by this development as many here are. But I am very uneasy with the apparent involvement of Bonkers Bolton. That creature is as dangerous as a malfunctioning Dalek. I'm pretty sure he doesn't understand these things. Even if he did, he wouldn't care.

—————

The U.S. is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir Putin, the New York Times reported, citing current and former government officials. While the U.S. has probed the Russian grid since at least 2012 and there’s no evidence it has turned off power, the Trump administration’s strategy has shifted more toward offense with the deployment of U.S. computer code inside the grid and other targets, the newspaper said. The effort has gotten far more aggressive over the past year, the Times quoted an unidentified senior intelligence official as saying.

The administration declined to disclose specifics, according to the report. However, National Security Adviser John Bolton said publicly on Tuesday that the U.S. is taking a broader view “to say to Russia, or anybody else that’s engaged in cyberoperations against us, ‘You will pay a price,’” the Times said. (Bloomberg)

—————

This is a far cry from our early attempts at preparing to conduct offensive cyber operations. I remember attending several briefings at one of these early organizations at the NSA. The control of offensive tools was as restrictive as the control of nuclear weapons. It was obvious these things scared the crap out of DoD and NSA back then. It’s equally obvious DoD and now CYBERCOM have learned to stop worrying and love the “Cyber-Bomb.” Our use of the Stuxnet worm to sabotage Iranian centrifuges was proof of our growing comfort with these things. 

However, Stuxnet was used against Iran. We’re comfortable with raining all kinds of death and destruction throughout the Middle East. Now we’re taking actions to disrupt Russia’s power grid. That’s playing with raining death and destruction upon a nuclear capable peer competitor. Hacking the grid is one thing. We’ve all done that for many years. That’s just part of the intelligence preparation of the battlespace (IPB). Implanting weapons to disable the Russian grid is a leap beyond that. Seems CYBERCOM has embraced the concept of operational preparation of the battlespace (OPB), a concept widely practiced in JSOC and in other parts of the special operations community. MG Michael Repass, a former 10th Group Commander, wrote a paper in 2003 describing these things. 

“Advanced Force Operations consists of US SecDef-approved military operations such as clandestine operations. It is logically part of Operational Preparation of the Battlespace (OPB), which follows the Intelligence Preparation of the Battlespace, a concept well-known in U.S. and NATO doctrine. OPB is seldom used outside of SOF channels. OPB is defined by the U.S. Special Operations Command as ‘Non-intelligence activities conducted prior to D-Day, H-Hour, in likely or potential areas of employment, to train and prepare for follow-on military operations.’”

I don’t think this was ever official policy, but OPB was widely viewed as a powerful tool to break the CIA’s stranglehold on covert action, at least on the operational level. Given that CYBERCOM is a unified combatant command finally gaining independence from NSA and the IC in general, this embrace of OPB is a natural progression. What else CYBERCOM copies from JSOC’s authorities and tactics, techniques and procedures (TTP) will be interesting. It could also be quite dangerous. Cyber operations are here to stay. They are becoming more effective for reconnaissance and attribution, for disrupting a target’s networks and infrastructure and for perception management. The inhibitions against engaging in these operations are relaxing.

An interesting point in the NYT story is that it appears Trump has not been briefed on this stuff. Perhaps CYBERCOM and DoD don’t consider this level of OPB rising to the level of Presidential decision making. Pulling the trigger on grid disruption certainly should. Why wouldn’t they brief the President? Is it to keep him in the dark out of a lack of trust? That’s disheartening. Now with the story published all over the world, DoD should feel impelled to fully brief the President. The best outcome would be Trump pushing for negotiations with Russia, China and maybe others to develop a de-escalation/non-proliferation treaty on cyber operations with the same vigor and earnestness that we once approached nuclear weapons.

TTG

https://www.bloomberg.com/news/articles/2019-06-15/u-s-ramps-up-online-attacks-on-russian-power-grid-nyt-says

“Combating Terrorism with Preparation of the Battlespace”

“Trump calls newspaper report on Russia power grid treason”


38 Responses to “US Ramps Up Online Attacks on Russian Power Grid, NYT Says” – TTG

  1. J says:

    TTG,
    What do you think about the Russians backup plans to sever all ties with the internet, and continue their operations in their own national intranet? Putin has been proactive on this as one of their asymmetries, and the Duma has been following his suit with supported legislation.

  2. JamesT says:

    Alas – I can imagine a cyberwar, escalating to an EMP burst, escalating to a hot war. I believe that the unremitting attacks on Trump have been for the express purpose of making it impossible for him to push for negotiations with Russia – about anything.

  3. Pirate Laddie says:

    Let’s see. We don’t seem to be able to field a team that can prevail in Iraq or Affie. Actions against Syria and Venezuela appear to have “miscarried.” Putin & Company are doing quite well in their public relations campaigns against “the West,” specifically the US. In the European theater, the whole “Brexit” imbroglio is a G*d-send, ditto the Gilets Jaunes. There’s talk of Russian hypersonic weapons while F-35s struggle to get off the ground.
    Now we learn of new cyberwarfare initiatives, designed to bait the Bear in one of the areas where they’ve a demonstrated superiority. Sounds very much like the endgame of Empire.

  4. J, We worked closely with the Russians when preparing for Y2K. They did a lot of that then. Also prepared for manual control. We do the same things as part of continuity of operations planning. Remember, the Iranian centrifuges were not connected to the internet, either.

  5. Liza says:

    TTG:
    I have three questions. If you have the time or inclination to answer any of these, I would appreciate it.
    1) Walrus wrote that he doubted this was true. Do you believe that it is true?
    2) I assume that this would not have been disclosed unless US agencies knew that the Russians were aware of it. Last month, there was an unusual cyber operation on a US power grid. Do you think that this could have been a message from the Russians that they are able to respond in kind?
    https://www.npr.org/2019/05/04/720221912/cyber-disruption-affected-parts-of-u-s-energy-grid
    3) Could a similar cyber attack have been used to shut down the power grid in Venezuela? Russian personnel were sent to help repair the power grid. If the cyber attack was in fact similar, is it probable that the Russians would be able to detect and disable malware in their power grid?

  6. ISL says:

    “An interesting point in the NYT story is that it appears Trump has not been briefed on this stuff. …. That’s disheartening.”
    I would call it quite alarming. The president making decisions / policy on incomplete and deliberately withheld information.
    If he is not informed on this, what else is he not informed on? It seems unlikely that this is the only thing being kept from him to deliberately manipulate his world view.
    One might imagine he also is being fed disinformation – the video of the Iran tankers and the unimaginative story of limpet mines (someone has a very low opinion of the US media and public, or is just too lazy to care) likely was presented to Trump as fact.

  7. confusedponderer says:

    Pirate Laddie,
    re: “We don’t seem to be able to field a team that can prevail in Iraq or Affie”
    The orange penal tax lover and his happy henchmen Bolton and Pompeo don’t have a problem with war, for one since they themselves won’t (have to) fight it and then since they have proved to gain delight from occasional cruise missile orgasms.
    Likely the US won’t be able to quickly defeat Iran on the ground (large place, difficult terrain and likely skilled and determined resistance), but they can cause a hell of damage from a ‘safe distance’ and the air or the sea.
    There is that joke that Bolton never saw a problem for which war was not his preferred solution. Never let the man crack an egg during breakfast … you may end up with a thermonuclear fried egg.
    Such a dude is a molotov cocktail at the fiery table of a maximum escalation out of ‘principal’ man, who just invented “Charles, the prince of Whales”, and so accidentally explained to the more simpleminded the REAL source of the strength of the Royal Navy. And by the way, it was likely determined dolphins, who sank the Bismarck, but … shhh!
    And as for baiting the bear in cyber war, that incident in Baltimore suggests the US are themselves rather vulnerable in that field, ironically indirectly thanks to the NSA.
    https://www.theguardian.com/us-news/2019/may/22/baltimore-still-grappling-with-hack-of-government-computers-after-two-weeks
    https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html
    It is not very smart to invite skilled opponents to that sort of game, but then … the US have now three stable geniuses to deal with that, if not four with Pence if the opponent is gay.

  8. walrus says:

    My problem: What is the difference between what the U. S. is alleged to have done and the Russians saying: “hi, we have just hidden twenty suitcase nuclear weapons in your major cities, just in case.”?
    I don’t see much difference.

  9. Mathias Alexander says:

    If the Iranian centrifuges were not connected to the internet then how did Stuxnet get in?

  10. Ghost Ship says:

    Have the Iranians ever admitted the alleged damage to their centrifuges? Not that I know of, so as far as I can see they are the only ones who really know what happened at the sharp end. All the claims by the Israelis and US IC are just conjecture.
    As for the Russian grid, it might use a computer network for communications monitoring and administration but I have my doubts about them using it to actually control the operation of the grid, so while this alleged malware might complicate the operations of the agency responsible for the Russian grid, it seems to me it would be unlikely to be able to actually take over the operation of the grid.
    BTW, I can believe that even if Russia knew about this malware (Kaspersky), they wouldn’t tell anyone or complain about it, but just wait for someone to throw the switch. There’s nothing like watching an antagonist waste billions on systems that don’t work and the US has a solid recent history of that.

  11. Barbara Ann says:

    Very interesting TTG.
    Agree re the urgent need for a Cyber equivalent of the NPT, but given that the current direction of travel in that area is the exact opposite, I am not holding my breath. And there are other problems, such as monitoring & attribution. Nuclear weapons controls are associated with inspections of weapons and production facilities, the work of the IAEA etc. How would it be possible to audit the use of computer code? And even code in violation of a treaty can be easily spoofed to appear to have “Iran written all over it”, for example. I cannot see how any sort of treaty would be a practical possibility.
    There is another critical difference between offensive cyber weapons and nukes. Stuxnet was discovered thru reports of infections in Siemens PLCs in countries right around the globe. In the documentary Zero Days it was alleged that Israeli insistence on inserting the code into Natanz ASAP led to a relaxation of the methods by which it could be transmitted. The result was a scatter gun, with an uncontrolled spread. What just happened in Argentina & Uruguay might be entirely unrelated, but it is exactly the sort of outcome we can expect if these weapons are handled carelessly.
    And if we must learn to love the “Cyber-Bomb” we’d better all prepare ourselves for the day a non-state actor gets hold of a suitcase version. Only you don’t need a suitcase, just a memory stick.

  12. joanna says:

    I believe that the unremitting attacks on Trump have been for the express purpose of making it impossible for him to push for negotiations with Russia – about anything.
    I always believed whatever Trump said concerning Russia during his campaign had to be taken with a grain of salt, since most of it was purely a reaction to the inner US campaign dynamics. In other words a reaction to … guess who …
    There are rumors, who made him choose Bolton, and all that sponsor needed were other relevant promises during his election campaign. They were mostly ignored here on SST as relevant, although all over the place. But those he fulfilled almost all so far.

  13. joanna says:

    oh dear, what did it feel inside the upcoming Y2K disaster?
    For whatever reason this triggers a temporary Blackstone takeover of a southern* integrated internet electricity grid over here. Well forget it.
    * …

  14. Barbara Ann says:

    Re “..how did Stuxnet get in?”.
    I heard of a study once which slipped CD ROMs (it was a while back) printed with the company logo into the personal effects of various executives (outside the office). A good proportion of the sample inserted the CD ROM into a drive at work, out of curiosity I guess. The CD ROM just left a digital fingerprint for research purposes in this case, but it could have been carrying anything.
    It’s called crossing an ‘air gap’ (from the internet) and the people that do this stuff are an imaginative bunch. In Stuxnet’s case, as far as I understand it, the software got to the PLCs which controlled the centrifuges via a software update. To do this its designers had stolen digital ‘keys’ so that the malware could masquerade as a legitimate update from the vendor. Think Microsoft Windows Update, only not from Microsoft…

  15. Fred says:

    People like Chelsea Manning only take files out of networks and would never put things in; like the people who put child pornography on Alex Jones’ network servers. Such things would never be done to discredit someone as part of a campaign of perception management.

  16. prawnik says:

    Trump’s supporters claimed that he would dismantle the Deep State. Turns out that Trump has so little authority in his own house that the Deep State blithely commits an act of war against a nuclear power and doesn’t even bother to inform the commander-in-chief.
    https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html

  17. Fred says:

    walrus,
    why bother with that, and probably lose control of one or more nuclear weapons, when you can just infiltrate one or more NGOs and convince them to pay for some Congolese to migrate to the US via the Mexican border during the same timeframe as an Ebola outbreak?

  18. Liza, I don’t know if this story is true, but it tracks with everything I’ve seen before my retirement. Hacking the power grid has been a holy grail of cybergeeks since the dawn of dial in modems. Until fairly recently, these probes and attacks have been done between Russia and the US quietly with great finesse and a great deal of deniability. I’ve seen that change with the 2015 attack on the JCS and DOS networks. These attacks were noisy, bold and persistent. These attacks were witnessed by the Dutch AIVD penetration of the hacker’s office in Moscow. I also saw how the probably Russian penetration of our classified JWICS and SIPRNET in 2008 affected our cyber people. All those nerds and geeks wanted vengeance. Given these events, I would not be at all surprised if our implantation of destructive tools within the Russian power grid is confirmed.
    Can the Russians, and others, respond in kind? Sure. However, not every power grid failure is due to a hack. Things break. Operators make mistakes. To assume every glitch whether it be in Venezuela, Argentina or our own Target stores is a mistake. This other war in the shadows has been going on since the days of “The Cuckoo’s Egg” and it will only intensify. I think it is imperative that we all maintain our cool and not equate every network attack, power grid failure or information operation with a full on nuclear attack. BTW, I heartily recommend that book. It describes the nature of the attacker-defender relationship which continues to this day.

  19. Barbara Ann says:

    ISL
    The bit about Trump not being in the loop, right after mention of Bolton’s name associated with the program could be read another way: Someone has knives out for President Bolton, as Fred here recently referred to him. NYT sources maybe saner members of the IC refusing to drink Bolton’s Iranian Kool-Aid?
    Alternatively, it could just as likely be BS and just general sh*t stirring by the NYT to try and further paint Trump as rogue POTUS who can’t be trusted by his administration. That would certainly fit the editorial line.

  20. Keith Harbaugh says:

    What I have been noticing is the amount of clearly TS/SI, etc. data appearing on the front page of the NYT, information whose publication, on the face of it, harms the U.S. national interest.
    Should this article be such?
    If the statement is true, I don’t see why we would want to give away the fact.
    That makes it so much more likely that the Russkis will be able to disable those “implants”, does it not?
    Here is another probably harmful leak on the NYT’s front page:
    “Potential Clash Over Secrets Looms Between Justice Dept. and C.I.A.”, NYT, 2019-05-24

    [O]fficials said Mr. Barr wanted to learn more about sources in Russia, including a key informant who helped the C.I.A. conclude that President Vladimir V. Putin ordered the intrusion on the 2016 election.

    That statement, on its very face, is revealing a source.
    You can report you have intelligence information, without revealing whether it was derived from HUMINT, SIGINT, or whatever.
    Why narrow the Russkis search for who/whatever revealed that information, assuming that the report is an accurate one?

  21. turcopolier says:

    KH
    IMO there is no Russia source on this matter. Steele made the whole thing up based on his instructions from people in the UK intelligence and propaganda apparat acting on coordination with Clapper and Brennan. Both these men have always been on the Left and hated the idea of a DJT led counter-revolution. You may not like DJT, I do not, but for whatever reasons he certainly has been leading a counter-revolution against the steady movement toward globalist policies. As to the present story about the Russia grid, IMO Bolton and the neocons have been leaking this material as part of their drive toward war with Russia and Iran. The tanker attacks IMO have been put on by local surrogates in the ME to advance these policies. Unless the president told them personally to leak the material they should be prosecuted.

  22. turcopolier says:

    TTG – Too technical for me. I am basically a grunt who wandered into the world of covert action, strategic analysis and clan HUMINT. IOW, if you don’t have a rusty AK in your closet you would not have been a subject of interest for me.

  23. Keith Harbaugh says:

    War with Russia? My God, I hope not.
    War with Iran would be a terrible and costly disaster for the U.S.,
    but war with Russia, whatever damage we could/would do to them,
    would really mean the end to the U.S. as we have known it.
    Could such war be kept limited? I highly doubt it. It would escalate to the thermonuclear cataclysm long feared.
    A long ago reference some may remember:
    On Thermonuclear War by Herman Kahn, 1960
    Do you really think “Bolton and the neocons” are driving toward war with Russia?

  24. turcopolier says:

    KH
    The hard core neocons have convinced themselves that they could ride out a war with Russia or the Russians would cave in before the crunch came.

  25. JJackson says:

    I heard that in this case the Israeli agent dropped blank memory sticks. These, once picked up and used on the engineers’ laptops, overcame the air gapping.

  26. JJackson says:

    TTG
    I recall from the ‘Zero days’ documentary one section in which the composite interviewee said that Stuxnet was the tip of the iceberg and proudly stated that they were into everything and could basically shut Iran down whenever they wanted to as they already had dormant code in place. I recall thinking if that is true for Iran then it seems unlikely not to be true for everyone else.

  27. According to RIA Novosti, a source within the leadership of one of the Russian law enforcement agencies (FSB?) said foreign intelligence services’ efforts to penetrate into the transport, banking and energy management systems of Russia have increased over the last few years. The source continued, “However, we manage to neutralize these actions.”
    Rather than getting overly excited about the NYT claim, we should accept that this tit for tat cyber activity is now as normal a part of our world as espionage. At the same time we should stop the silly talk of Russian IO to influence our elections being an act of war. It isn’t. It’s another way of nations competing with each other. We still need to negotiate and establish some kind of international protocol governing this activity, perhaps something along the lines of UNCLOS III.

  28. Fred says:

    Pirate,
    Saddam Hussein and his government are gone and the social order overturned. You can’t prevail much better than that.

  29. J says:

    TTG,
    I’d say the NYTimes article is bogus propaganda, the Russian grid is non-computer control systems which makes virus/hacking a non-player. Russians have been hard at work replacing the western Windows software with Russian Astra Linux. Russian MOD has also been fast at work canning any and all western software for Russian made. Astra Linux recently received the go ahead to handle Russian government information of the highest degree of secrecy. The exception is certain Russian Intelligence operate/still use typewriters to preclude compromises.
    J

  30. Anonymous says:

    I got a twitch that j.assange worked for the svr along with chapman. Wonder if they ever met. Trump and co have flushed a few out but the key is still out there. Twitch is a bitch. Could be wrong.

  31. Mightypeon says:

    I think this is pretty dangerous.
    The thing with these “battlefield preparations” is that they are quite hard to distinguish from actual attacks by the other side. A Russian tit for tat response could easily be interpreted as an active attack by the US. The Russians are pretty professional about this, but all this talk of “nerds and geeks wanting vengeance” kind of scares me. Vengeance is a luxury item. It must never be the motivation to do something, especially not against a nation state. This is highly unprofessional.
    Another issue is that the Russians can probably reverse engineer and use the codes/exploits themselves. I would not be surprised if the cause of the Argentinian shutdown was a US worm initially used against Venezuela placed there by non US actors.

  32. This is no more dangerous than recruiting each other’s intelligence officers and bureaucrats as spies. The reaction of the Russian security official in the RIA Novosti story shows how professionals view these things. It’s nothing to get overly excited about. None of us will stop recruiting spies or stop breaking into each other’s networks. If you don’t believe this, you’re hopelessly naive.

  33. Eugene Owens says:

    I’m buying a copy of ‘Cuckoo’s Egg’.
    What is your opinion on J. Menn’s ‘Fatal System Error’ and his new one ‘Dead Cow Cult’? Should I spend the bucks? I don’t trust the reviews online as I’ve heard that some reviewers get recompense.

  34. I can’t vouch for any of Menn’s work. I’d check out the local library for one of his books first. If you have some time on your hands, I suggest researching the Dark Avenger and Vesselin Bontchev. This was in the first days of computer hacking much like Cliff Stoll’s Cuckoo’s Egg. I started in those early days teaching myself assembler programming to support a cover of mine. I even wrote a couple of early viruses. I met Bontchev when he was doing research in Hamburg.
    https://www.wired.com/1997/11/heartof/
    https://www.leonardomiliani.com/en/2013/dark-avenger-visto-da-sarah-gordon-1992/
    https://malicious.life/episode/episode-2/

  35. Mightypeon says:

    I don’t doubt that the Russians will be professional about it.
    The thing is, if such battlefield preparations misfire (to my knowledge, there are some which activate if you attempt to remove them) they can kill people, and this would move the thing from everyday spying to assassination. Assassination is serious business.
    What I am afraid of is an unprofessional US response to Russian tit for tat measures. Given the current climate in the US, and that far too many US IC members appear to believe their own propaganda about the oh so virtuous USA and the oh so nefarious Russians that is hardly an unreasonable fear.
    And my point concerning vengeance against nation states being unprofessional stands.

  36. I agree with your point about vengeance not being a proper basis for nation states to deal with each other. I doubt hot blooded desires for vengeance play into these cyber activities at all… on either side. Sure there are CYBERCOM analysts and operators muttering “them damned Russkies” as I mentioned a few comments ago. I have no doubt those same emotions are felt in Moscow. The bottom line is that professionals are on both sides and those professionals are all unapologetically patriotic. That has little to do with nefariousness or virtuousness.

  37. Eugene Owens says:

    thanks

  38. turcopolier says:

    TTG
    The neocon fanatics pushing Trump toward war are not professionals.
