The European energy crisis, or when hackers’ eyes light up

Europe has been facing an energy crisis for months. The details and possible causes have been widely reported in the press. However, it is worth drilling deeper into what is happening.

It is difficult not to accept as possible – or even logical, from your point of view – the scenario that Russia, at least, is not annoyed by this turn of events.

It is obviously just a coincidence that one of the key pipelines for gas supplies from Russia to Europe, the Yamal-Europe pipeline to Germany, has been flowing backwards, i.e. towards Russia (!), for weeks at the Mallnow measuring point on the German-Polish border.

Among the reasons, it is hard not to think that this could be linked to delays in the commissioning of the long-completed Nord Stream II pipeline in Germany, or to the EU sanctions against Russia in the event of an attack on Ukraine.

Well, after the “big picture”, let’s drill down! Let’s also look at the electricity – and possible cyber security – aspects of the situation.

First of all, it is perhaps not too much to say that what is happening could be seen as a hybrid war on the “European battlefield”, in which natural gas could be the primary weapon. Of course, another tool is the intensive communication that is going on in parallel.

Electrical energy in general is also a desirable target in (hybrid) warfare. European countries are “heavily” affected by the shortage of natural gas supplies. Part of the now ‘professional big picture’ is that it is winter, when, in addition to higher gas consumption, production from solar and sometimes wind power is (much) lower. Natural gas-based generation should largely make up for this shortfall.

With prices spiralling out of control, coal-fired power stations, which are much more expensive because of the cost-increasing effect of the penalty imposed by the EU decarbonisation target, have suddenly become competitive. However, the lower revenues from less frequent use and the ageing, less modern equipment, including obviously ICS (and the skilled, even underpaid, staff operating them), also bring risk to the European electricity system. As we know, the security of a system is determined by the security of its weakest link.

The current situation is not a dream come true for system operators either. Compared to the usual operation during last year’s winters, we now have a stretched electricity system with hectically changing operating conditions to “manage”. The energy mix available has changed radically, with one of the elements, natural gas, bringing only horrendously high prices for generating capacity.

And at the moment, the situation is even good!

But what happens when it actually turns into winter?!

What if the ever more hectic polar vortex manages to make its way to Europe?! And this cannot be ruled out. Think of what happened in the US last winter, when states such as Kentucky, Mississippi, Alabama and Oklahoma were hit hard. And even Mexico! None of these states are particularly northern…

What if the possible hard frosts cause disruptions in the supply of main fuel for European coal-fired power plants?!

What if the stormy, freezing winds – especially if they are exacerbated by some sleet – cause massive line breaks and pylon failures?!

What if, in some countries, the n-1 principle cannot be adhered to (thus weakening the resilience of the European electricity system)?


What if an APT* attacker has the time and/or intention to choose the worst moment for the “victim”?

As in the case of the cyber attacks on Ukraine in 2015 and 2016, when the attacker (who?…) struck just before Christmas in both cases – on 23 December and 17 December respectively.

To choose the right time of attack, an APT attacker can – with a bit of know-how – make good use of, for example, public data from commodity exchanges. Attackers can also thank the system operators, including e.g. the natural gas system operators, for making it possible to monitor load conditions in real time.

It would be a serious mistake to underestimate the technology-side knowledge of an APT attacker. For example, the attacker came within a hair’s breadth of penetrating the SIEMENS SIPROTEC defences during the 2016 attack in Ukraine…

The possible – but by no means impossible! – European state of operation outlined above offers an APT actor the possibility of a cyber-attack with potentially catastrophic consequences.

And if we accept that Europe is a hybrid theatre of war, why would an APT attacker not use cyber-attack as an important element of the hybrid warfare toolbox?!

Given the huge Russian-US (and EU) differences, the possible failure of the talks launched on Monday could make matters worse. Judging by the bellicose Russian statements in the days leading up to the talks, it is to be welcomed that the Russians did not leave the negotiating table on Monday…

In the light of the above, all we can do is wish all our readers a very happy and sunny day!

Except for those who might think more deeply about what I have written…


Thanks to Gábor Decsi for his advice on this post!

* APT: Advanced Persistent Threat. In daily practice, the term is used to describe state-sponsored attack groups.



Messages either agreeing or disagreeing with the above are welcome. For example, a response to these in a new post could even lead to a substantive exchange of views.

Translated by DeepL.