Thursday 21st September 2023

(1 year, 3 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Arbuthnot of Edrom Portrait Lord Arbuthnot of Edrom (Con)
- View Speech - Hansard - -

My Lords, the noble Baroness, Lady Kennedy, mentioned the variety of topics that had been covered in this vital debate. Of course, she was right, but so often we come back to the horror of Russia’s behaviour, as the noble Lord, Lord Alton, just has, in relation to the children and to Bucha.

I will cover another aspect of Russia’s crimes. In doing so, I declare my interests as set out in the register, particularly as a member of the advisory board of the Electric Infrastructure Security Council in the United States. One of the major features of the war in Ukraine has been the relentless attacks by Russia on Ukraine’s electricity infrastructure. It is a new facet of war, of which every country needs to take note. As the noble Lord, Lord Owen, reminded us, those attacks began not in 2022 but earlier: with the invasion of Crimea. On 23 December 2015, Russia hacked the power grid in two western oblasts of Ukraine, which resulted in power outages for about 230,000 consumers for between one and six hours. This was carried out by a Russian advanced persistent threat group known as Sandworm, which the USA has identified as Unit 74455 of Russia’s military intelligence agency, the GRU.

It is thought to have been the first publicly acknowledged successful cyberattack on a power grid. Very fortunately, the Ukrainian power distribution companies had a very effective set of firewall and system logs that allowed them to reconstruct events. That is perhaps unusual for any corporate network. We have to ask ourselves whether our own critical national infrastructure has such robust logging capabilities.

The 2015 hacking was carefully planned. It began with spear phishing attacks in 2014, targeting IT staff and using vulnerabilities in Microsoft Word. It then involved mapping the whole of the network and getting access to the Windows domain controllers and the uninterruptible power supply. They hijacked virtual private networks and got control of the supervisory control and data acquisition system—SCADA—that gives access to the power grid, allowing the attackers to rewrite the grid’s software so that it could not be recovered. Then they carried out telephone denial-of-service attacks on the customer call centres to prevent customers calling in to report the outage. In military terms, it was a combined arms attack of great force.

In 2016, Russia did it again through an automated attack using malware called Industroyer. As in 2015, Ukrainians regained control within a few hours by reverting to manual operations. In 2022, Russia launched cyberattacks called Industroyer 2 on the electricity system, alongside its full-scale military attacks. But on this occasion the Russian hackers tried not only to turn off the power but to destroy the computers the Ukrainians use to control their grid, making it impossible to bring power back online using those computers. With Russian soldiers nearby, it was harder to send out a truck to bring back a substation online. Nevertheless, by this time, Ukraine had had the advantage not only of repelling the Russian military advances but of having spent eight years repelling Russian cyberattacks. As in so many things, Ukraine had become better at it than Russia.

But in October last year, Russia began to launch missiles against the physical power infrastructure of Ukraine. This is a contravention of international humanitarian law and of Additional Protocol 1 to the Geneva conventions. Somehow, Ukraine managed to keep the grid from collapsing. It did that through scheduled power outages in some cities and towns, so that consumers were disconnected for predictable four-hour blocks three times a day, giving electrical engineering crews time to make repairs.

Ukraine set up “points of invincibility”, often tents, with generators where you could get a cup of tea or recharge your telephone. Also, Ukraine has joined the European power grid. This was meant to happen in 2023 under an agreement made in 2017. Under that agreement Ukraine, with the agreement of Russia, was going to disconnect from the Russian supply for a few days in mid-February 2022 to prove that it could operate autonomously. Within hours of Ukraine temporarily disconnecting from the Russian supply, Russia invaded. Luckily, Ukraine had suspected that something like that might happen, had secretly moved their main control room to an undisclosed place in the West and were able to join the European grid on 16 March 2022, a year and a half ahead of schedule. This is only a partial answer to the issue because the price of European electricity is higher than Ukraine can afford without help.

By December last year, about half of Ukraine’s power generation had been destroyed. Recovering that capacity will be a key part of rebuilding Ukraine. It will require equipment that is already in high demand. An international attempt to find large autotransformers to replace those destroyed by Russia sadly produced only a few, two of which are still moving slowly through Poland and are expected to arrive in the early autumn of this year. Ukraine’s current objective is to have 68% of the energy sector back online this month, up from 51% in early August, but it will not be easy. Russia tries to hit substations as soon as they are repaired, so Ukraine is working to build protective structures over them. It may well be that the lull in current attacks on the power grid is caused by Putin stockpiling ammunition to hit it again this winter.

We can be proud of what the UK has done to help Ukraine during this most terrible of times. We have been providing training for Ukrainian soldiers which, clearly, they have found extremely valuable. But the time is coming when the boot will be on the other foot. It will be the Ukrainians who will have the most recent experience of war fighting and the greatest knowledge of how our enemies are likely to behave. We must be open to learning from them. One of the greatest areas of their expertise and of their, and our, vulnerability, is the war now being carried out in the power sector. All the technology on which we are completely dependent runs on electricity. We neglect its vulnerability at our peril.