Who is really behind the attack on the railway? In an interview, crisis expert Frank Roselieb explains why he doesn’t think Russia is behind it, where the weak points of our critical infrastructure lie, and why the energy transition offers great potential for attacks.
FOCUS online: Who could have been the cause of the sabotage action in your eyes?
Frank Roselieb: The range of perpetrators is currently still quite wide and will remain so without a letter of confession. This attack differs from previous attacks in two ways in particular.
Firstly, unlike most hacker attacks on critical infrastructure, it was not carried out remotely, but on site and at the same time well coordinated in Berlin and North Rhine-Westphalia.
Secondly, it bears a typically left-wing handwriting and in terms of modus operandi is roughly comparable to the attacks on the cable systems of the Berlin S-Bahn in September 2019. At that time, militant left-wing extremists claimed responsibility for the attack via the internet platform indymedia.org.
How likely do you think it is that Russia is behind this?
Roselieb: I still don’t have sufficient evidence of a Russian attack. The attack was also not sustainable enough. After almost three hours, rail traffic in the north started up again.
When Russia or Russian-related institutions carry out attacks, they have more serious consequences – like in April 2007, for example. At that time, Russian hackers associated with the pro-government Russian youth organization “Nashi” paralyzed large parts of the Internet in Estonia for several days using DDoS attacks.
Business transactions there, which were heavily digitally supported, and almost all communication collapsed. Violent riots also broke out in Tallinn for several days.
Power plants, pipelines, substations: where are the trouble spots in our critical infrastructure?
Roselieb: Basically, there are three points of attack: First, the central control systems. In September 2010, for example, this was the aim of the Stuxnet sabotage software, which allegedly had its sights on the “Simatic” control technology from Siemens in Iranian nuclear plants.
Second, social engineering. Here, the “human factor” is exploited as a weak point in order to obtain access codes or security-relevant information. The entire spectrum is used, from targeted “spear phishing” to typical “CEO fraud”.
And third, the physical attacks. The attack sites are usually beyond the well-protected main locations of the critical infrastructure – i.e. more near the transmission line in the forest than directly on the site of the gas power plant.
Frank Roselieb is Managing Director of the Crisis Navigator – Institute for Crisis Research, a spin-off from the University of Kiel. For more than 20 years he has been dealing (almost) exclusively with crises, conflicts, scandals and catastrophes in research, teaching, consulting and training. During the corona pandemic, he sat on the ten-strong expert committee of the Schleswig-Holstein state government and was an expert on state disaster management and official crisis communication in the “Flood Disaster” investigative committee of the Rhineland-Palatinate state parliament.
What would be the consequences of an attack for the citizens?
Roselieb: The effects on citizens depend very much on the subsequent crisis management. Extensive crisis prevention alone will not get you very far with decentralized systems. Rather, the transmission system operators, for example, are in permanent crisis management to keep the frequency of 50 Hertz stable in the grid.
From this perspective, the attack on a single line or a single power plant alone cannot cut off the energy supply. In addition, there are usually other errors or accidents, such as in November 2006.
At that time, around 10 million households in Europe – from Germany to the Netherlands and France to Spain – sat in the dark for up to two hours late on Saturday evening however, failed due to poor planning and ended in a blackout.
How well is the critical infrastructure protected in Germany?
Roselieb: We differentiate between core protection and environmental protection. When it comes to core protection – i.e. access controls, the planned technical redundancies or the security check of the staff – we are comparatively well positioned.
However, we are worried about the decreasing redundancies – i.e. declining alternative technologies. Eliminating proven supply technologies such as coal, gas and nuclear from the portfolio and focusing entirely on solar, wind and water may be ideologically sound, but it is not particularly intelligent from a security perspective.
Why is that?
Roselieb: Then there is simply a lack of sufficiently reliable alternatives – regardless of whether the nuclear power plants have no cooling water in the summer or the wind turbine is at a standstill during the windless winter high (“dark doldrums”).
Perhaps the Russia-Ukraine war will cause a “cleansing thunderstorm” in the minds of those responsible at the last moment. With regard to environmental protection, we have been observing a continuously decreasing protective cover for around ten years.
Both during the Cold War of the 1980s and again in the early 2000s after the terrorist attacks in the USA, it was part of the standard repertoire of the German security architecture to pay special attention to tank farms, railway facilities or power plants – for example, to carry out regular patrols or to plan the location of Bundeswehr sites accordingly.
Even the dismantling of the Bundeswehr after reunification initially changed little. A cutback only followed with the suspension of general conscription in 2011. From then on, the Bundeswehr was trained more and more for foreign mandates and less for homeland security.
In addition, there was a dangerous 180-degree turn in the heads of those responsible – away from concerns about the dirty bomb on the high-voltage pylon to concerns about the tricky cyber attack on the control center. That could have been a dangerous mistake.
Against the background of the current political situation: Do we have to expect further attacks on our critical infrastructure in the near future?
Roselieb: Actually, the logic of warfare – whether by states or terrorist groups – hasn’t really changed. The aim is always to cause as much damage as possible with as little effort as possible, or at least to sow lasting distrust in those in government.
The critical infrastructure is ideal for this, because today comparatively few central units supply a large number of people at the same time and the degree of self-sufficiency in highly developed countries such as Germany is much lower than in remote parts of Russia, for example.
I doubt whether more foreign political actors will actually be behind such attacks. Rather, it is often domestic free riders who use the current mood for their own interests.
For example, the militant left-wing extremists who carried out the attacks on the Berlin S-Bahn cable systems in September 2019 referred to “Fridays for Future” in their letter of confession. Apparently, they tried to attach themselves to prominent protest movements with positive media perception in order to upgrade their own, often borderline, ideology and to gain further supporters.
In your opinion, what needs to be done to prevent such acts of sabotage in the future?
Roselieb: First of all, there has to be a rethink in people’s minds. The public still has the image of the “green Robin Hood” or “small crime by school children” when alleged “climate activists” want to paralyze airports with balloon actions, block important main roads with superglue or force entire power plants to shut down by climbing chimneys.
This has nothing to do with alleged civil disobedience. These are very targeted, criminal acts of sabotage on the critical infrastructure, which have devastating consequences – and by no means “dumb pranks”.
Secondly, the focus of prevention is currently too much on cybercriminals. However, their attack vectors can usually be localized well and the damage can often be repaired comparatively quickly.
Physical accidents often cause much greater, longer-lasting damage – as in February 2019. Because an excavator cut two parallel cables during construction work on a Spree bridge, around 31,000 households and over 2000 companies in the Berlin district of Treptow-Köpenick were without electricity and often without water, heating and mobile communications. Although it was immediately known exactly where the damage had occurred, the repair and the blackout took more than 31 hours.
So what do we learn from the incident?
Roselieb: In the future, it will be necessary to have even more decentralized repair teams for the critical infrastructure, just like Deutsche Bahn does with its emergency management. And we should not lose sight of the “single point of failure”.
It is still often argued that the approximately 3,000 decentralized wind turbines in Schleswig-Holstein are much more difficult and expensive to attack than the three central nuclear power plants in the northernmost federal state used to be.
What is overlooked is that the transport of electricity to the south – unlike in the past with nuclear power – will soon be bundled via the two Suedlink routes from the Schleswig-Holstein North Sea coast to Großgartach in Baden-Württemberg and Bergrheinfeld in Bavaria. This means that wind energy, which has been praised as decentralized, is suddenly once again vulnerable to central attack.
We call this “kill switches” in crisis research. Such attacks did not work in the past, because the decentralized nuclear power plants and coal-fired power plants were located in the south – without long transport routes from the north.