Europe’s Baltics are bracing for cyberattacks as they plan to decouple from a Soviet-era joint power grid with Russia and Belarus in 10 days’ time.
Lithuania, Latvia and Estonia will flip the switch on Feb. 9, disconnecting themselves from a regional electricity grid known as BRELL, and will switch to a European Union regional network instead. The move has been years in the making — but now that the time has come, security officials are bracing for retaliation from Moscow.
“Estonia has prepared for many possible risk scenarios regarding our departure from BRELL, including cyberthreats,” Gert Auväärt, head of Estonia’s Cyber Security Centre, told POLITICO in a written response. He said the country is ready to call in its cyber reserve, which includes the Estonian Defence League’s cyber unit, a volunteer group of cyber defenders.
His agency has advised energy companies on how to prepare and has experts on hand “24/7” in case of a serious incident, Auväärt said, adding Estonia is working with Latvia and Lithuania on the threat.
Žygimantas Vaičiūnas, Lithuania’s energy minister, said in an interview he expects the switch to be a “smooth process,” but that authorities are nonetheless “prepared for even the worst-case scenarios on the technical level.” A spokesperson for Lithuania’s Energy Ministry said it has taken “additional actions and plans to increase our preparedness.”
Erkki Sapp, member of the management board of Elering, Estonia’s state-owned gas and power grid operator, said it had taken extra precautions such as removing virtual private network (VPN) access for external companies that maintain its systems. The Estonian state “has prepared and takes this very seriously,” he said.
It’s not just cyberattacks the Baltics are preparing for: Sapp said the grid operator was “limiting access to [their] premises,” while Vaičiūnas added Lithuania had set up new “anti-drone systems and … physical protection barriers” around key energy infrastructure.
Baltic energy operators “should absolutely batten down the proverbial hatches,” said Joe Marshall, senior security strategist at Cisco’s Talos cyber threat intelligence division.
“Russia is one of the few nation states on Earth that has actively meddled in the power grids of another sovereign nation,” Marshall said. “They clearly have the means, the capability, the knowledge to conduct [such] a cyber operation … that [fact] can never be overlooked, unfortunately.”
Russian state-linked hacking groups have ramped up cyberattacks against Ukraine’s energy system since Moscow’s full-scale invasion in 2022, but lately have also extended that campaign to the rest of Europe, especially the eastern and Baltic countries, cyber researchers have flagged.
Moscow has even deployed one of its most elite hacking groups, known as Sandworm, to that task, according to Google. “Actors like Sandworm who have taken down the grid in Ukraine have also been probing the rest of Eastern Europe for years … They shouldn’t be taken lightly, especially now,” said John Hultquist, chief analyst at Mandiant, Google’s cyber defense and threat intelligence firm.
As the Baltics take a deep breath before the plunge, they are also battling suspected Russian sabotage of subsea energy and data cables in the Baltic Sea.
At a press conference this month announcing a new NATO program to tackle that problem, Estonian Prime Minister Kristen Michal said he suspected the ramped-up attacks on those cables are Russia’s way of reminding its Baltic neighbors that, despite their departure from the electricity system, it still looms large.
It “probably could be [the] intended message that the Baltics and Nordics do not live well and do not work well without Russia’s embrace,” he said.
“We will decouple anyway … because Russia is not a reliable partner.”
The post Baltics brace for cyberattacks as they depart Russian electricity grid appeared first on Politico.
