In early October, the Baltic Connector, a 48-mile undersea Finnish-Estonian gas pipeline, experienced a sudden drop in pressure and was subsequently shut down. A telecommunications cable connecting Finland and Estonia also was found to be damaged. After further investigation, the Finnish government believed the damage to be “human made,” likely caused by an external force that was mechanical in nature, but not an explosion.
This has prompted speculation about whether the occurrence was an act of seabed warfare, operations to, from and across the ocean floor. According to The Guardian, Finland has said it could not exclude the possibility that a “state actor” was behind the damages, considering that the Nordic country’s relations with Russia have “significantly deteriorated” since Finland joined NATO in April. Russia’s invasion of Ukraine and related sanctions have also caused tension between the two countries.
Although Finnish officials are hesitant to overtly blame Russia before the investigation is finished, they are not ruling out sabotage.
Such attacks have demonstrated how infrastructure, which is so critical to daily life and well-being, can be considered a weak spot where political tension and warfare is concerned. And in an increasingly digitized world, infrastructure risk goes beyond bombing. It can also take the form of the more silent — but no less potent — cyberattacks.
In August, a top U.S. cyber official warned that Chinese hackers have been positioning themselves to conduct destructive cyberattacks on U.S. critical infrastructure, according to NBC News. In an Annual Threat Assessment published in February, the national intelligence director’s office said, “China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.” This echoes other concerns voiced by tech giants, such as Microsoft, that hackers affiliated with the Chinese government were targeting critical U.S. infrastructure. Chinese officials, however, have denied state-sponsored hacking and instead claim that China is itself a frequent victim of cyberattacks, even by the United States.
In February, the Government Accountability Office (GAO) released a high-risk report identifying 10 critical actions for addressing federal cybersecurity challenges. Specifically, GAO pointed to the U.S. grid’s distribution systems, which carry electricity from transmission systems to consumers, as being increasingly at risk from cyberattacks. Distribution systems are growing more vulnerable, in part because of industrial control systems’ increasing connectivity, and as a result, multiple techniques can be used to access those systems.
Bolstering physical infrastructure against attack is a no-brainer, but it seems when it comes to cybersecurity, the uptake has been notably slower. GAO said it has made 106 public recommendations for bolstering the U.S. power grid security since 2010. However, nearly 57 percent of those recommendations had not been implemented as of December 2022. If recommendations are not taken seriously, the consequences could be dire. A report from Waterfall Security states in 2022 alone, a 140 percent surge in cyberattacks against industrial operations resulted in more than 150 incidents.
Attacks that affect operational technology can have real-world consequences, such as flight delays, outages at manufacturing and critical infrastructure companies, and malfunctions associated with loading and unloading cargo containers, according to Security Intelligence. Add political tensions to the mix, including ongoing tensions ramping up in the Middle East, and it calls into question the state of critical infrastructure on land, sea and in cyberspace. How great that risk will be, what form it will take and what implications it will have for the rest of the world remain to be seen.
Kali Persall is editor of Institutional Investing in Infrastructure.