Over the last several months, a number of announcements by various governments, industry associations, think tanks and other organisations have collectively highlighted that the infrastructure sector is now being aggressively targeted through cyber-operations of various nations or their proxies. Cyber-warfare is now becoming a formulative part of national security, whereby various countries are engaging in penetrating key infrastructure assets during periods of relative peace in preparation for launching attacks at a desired time. Accordingly, infrastructure assets are now de facto strategic targets for cyber-warfare by nations, with infrastructure investors increasingly caught in the crossfire of a digital cold war.
A 21st century WMD
Cyber-warfare is a new and growing force of a country’s ‘hard power’ arsenal. Various countries have formally or informally established cyber-operations departments over the last decade. These state-supported groups have significant financial and technological resources behind them and have the ability to create enormous economic damage to infrastructure as well as having the ability to greatly disrupt societal and political status quo.
Fortunately, there have been limited major incidents involving cyber-attacks to key infrastructure. Most notable are the two attacks in Ukraine in 2017 and 2015, which disabled the country’s power grid, creating widespread black-outs, and were ultimately attributed to Russia. Most recently, in July 2019, there was a massive power outage in Venezuela, which government authorities blamed on an electromagnetic attack, although they have yet to identify whether it was state-sponsored. However, these two attacks do not prove that power grids are singularly exposed – telecoms networks as well as water utilities were also impacted from these outages. Moreover, every infrastructure sector is potentially exposed to cyber-warfare and other means, including cutting key submarine fibre cables.
Perhaps more troubling than the aforementioned events is the announcement in June by the US administration, which declared it has inserted malware into Russia’s power system and other infrastructure targets in a classic mutually assured destruction cold war tactic after several reported Russian cyber-incursions into the US power and other infrastructure sectors. Russia is not alone in being singled out for cyber-operations by the US and its allies; China, North Korea and Iran have also been identified and it is understood these countries, over the last couple of months, have been aggressively pursuing cyber-incursions into each other as political relations continue to sour.
For infrastructure investors, this is indeed troubling. State-sponsored groups operate on a much higher level of sophistication than average criminals and, as such, infrastructure companies are reliant on their respective governments to provide support and protection.
Therefore, there needs to be a well-coordinated effort between government and infrastructure investors. However, depending on the country, the working relationship between a government and the respective infrastructure sectors may not be so seamless due to secrecy and/or bureaucracy. As a result, some infrastructure investors may be left uncomfortably exposed – certainly more than they would like to be. Furthermore, infrastructure investors may also be left unprotected financially unless they have an insurance policy against cyber-attacks which specifically addresses the risk of a nation-state attack. It is imperative that infrastructure investors fully understand their exposure and the extent to which insurance can mitigate their risks.
In conclusion, state-sponsored cyber-operations against infrastructure companies is a relatively new and growing dimension to the political/technological risk spectrum. Infrastructure investors must now proactively address and work with their respective governments in an attempt to minimise risk – or become caught in the crossfire.
Jeffrey Altman is a senior advisor at Finadvice.