Cybersecurity, Russian hacker attacks “shift” the war: Italy under fire

Alongside the sadly visible wars, others are being fought that we cannot see, but whose effects could suddenly overwhelm us. Cyberattacks are on the rise and energy infrastructure is increasingly under fire, especially since the start of the war in Ukraine. The actions of hackers, who act more or less directly on behalf of sovereign states, aim to disrupt everyday life by targeting power plants and essential systems that manage the production and transmission of energy. Italy is also a target and appears vulnerable: it is among the most attacked European Union countries, with the National Cybersecurity Agency defining 2023 as a “year of heavy aggression”.

Strategic infrastructures exposed: the cases of Russian hacker sabotage in France

Recent attacks on strategic European energy infrastructures have drawn attention to the vulnerability of systems vital to the functioning of entire countries, which can even be disrupted or deactivated. The latest attacks were limited to attempts and fortunately there were no major problems, but they showed how simple such attacks can be to carry out. According to information reported by the French newspaper Le Monde in the first days of March 2024, an IT intrusion occurred in the control software of a French hydroelectric plant.

A well-known Russian Telegram group, “CyberArmyofRussia_Reborn”, had published a video in which it claimed hacker sabotage of the Courlon-sur-Yonne dam, in the Burgundy-Franche-Comté region, south-east of Paris. The released images show the process that then leads to flooding of the valley.

But it wasn’t the Courlon-sur-Yonne dam. In reality, the hackers had entered the management system of a small lock in the French water system with a similar name: Courlandon. The main effect of the action was a lowering of the water level by 20 centimetres.

The Telegram channel regularly reports data theft or computer intrusions on behalf of Russia. For example, between January and April cyber attacks were claimed against wastewater treatment plants in Poland and in the United States, where the water distribution and storage system serving several rural communities in Texas was affected.

As a report by Mandiant, a cybersecurity company owned by Google, shows, this propaganda channel is directly controlled by Sandworm, a major elite unit of Russian Military Intelligence (GRU). For Mandiant, these propaganda channels serve, among other things, to “present the group’s cyber capabilities in the best possible way, exaggerating the impact of certain attacks.”

Although the consequences of the action in France were limited, Mandiant points out that Sandworm is the main Russian actor engaged in cybermilitary operations in Ukraine, and not only there. “Their attacks in the United States allowed them to access critical infrastructure and really destroy things,” John Hultquist, Chief Analyst at Mandiant, explains to Le Monde. “It’s worth mentioning that Sandworm has been involved in some of the boldest attacks ever seen against critical infrastructure.”

According to the International Energy Agency (IEA), critical infrastructures, including gas, electricity and water, are among the favorite targets of cyber criminal organisations. Cyberattacks on utilities have increased rapidly since 2018, reaching alarming levels in 2022, just after Russia’s invasion of Ukraine. And companies in the sector have not always been prepared to stem these attacks.

Hacker attacks on energy infrastructure (IEA)

As IEA shows, recent cyberattacks in the electricity sector have disabled remote controls of wind farms, disrupted meters and led to recurring sensitive data breaches involving customers’ names, addresses, bank accounts and phone numbers.

Russia’s eyes on Europe, Italy under fire: “Among the most affected by cyberactivism”

Historically, Russia has combined massive use of cyber tools with field actions to achieve its strategic objectives. And since the beginning of the war in Ukraine, the quantity and quality of attacks have multiplied, especially in the bloc of allies who are supporting Zelensky’s country. “For decades, Russia has mapped critical underwater cables and pipelines that we depend on,” James Appathurai, NATO deputy secretary general for innovation and cybersecurity, said at a recent conference.

In Italy the situation has worsened, as shown by the latest attacks on government bodies and related criticality alerts issued by the National Cybersecurity Agency. According to the latest report from the Italian Association for Cyber Security (Clusit), our country alone has received 11 percent of the attacks detected globally and the pace of actions suffered is continuously increasing. 41 percent of cyber attacks defined as “serious” affected businesses and public administrations.

The trend in the number of hacker attacks in Italy in recent years

According to the latest annual report to Parliament by the National Cybersecurity Agency (ACN), the most affected sectors are telecommunications, transport and financial services. Alertness and capabilities have grown and the monitoring of assets considered at risk has increased by 374 percent, together with recorded cyber events (+30%) and reports more than doubling. In the energy sector, the ACN recorded 68 attacks and according to the agency, cyber activism is growing alongside wars on the ground, with the majority of events (248) claimed by pro-Russian collectives. In general, in 2023 Italy was the third most affected country in the European Union, and the sixth on a global scale.

The sectors affected by hacker attacks in Italy in the graph of the National Agency for Cybersecurity

Computer intrusions and sabotage attempts in France raised fears that the same thing had happened in Italy, in the explosion of the Suviana hydroelectric power plant in the Bolognese Apennines. It will take a long time to understand what really happened but sources from the Bologna prosecutor’s office have told Today.it that at the moment there are no investigations into this type of hypothesis. However, the data shows that the risks of attacks on similar infrastructures remain real in Italy too and for this reason companies are adapting to the new scenarios.

In the latest sustainability report published by Enel we read about the “awareness that cyber risk is strongly characterized and influenced by exogenous, unpredictable factors, such as cyber attacks, which are increasingly frequent and sophisticated, which could negatively impact operations of businesses, even in the face of the existence of defense processes and technologies”. Enel manages 1,300 hydroelectric, geothermal, wind, photovoltaic and thermoelectric plants and due to its importance it could be exposed to potential attacks. For this reason it involved a third of industrial plants in test campaigns with respect to scenarios of this type.

The company monitors every possible attack through a “Cert” (Cyber emergency readiness team), operational 24 hours a day, 7 days a week, capable of immediately activating any necessary response. Terna, which manages the Italian electricity grid, also has a Cert to deal with “any possible incident with efficient management of communication and escalation processes and procedures, both internal and external, and with effective coordination of response actions”.

 