Potential damage: "Most notable was one [attack] in Ukraine in December 2015. It left roughly 230,000 people without electricity for about six hours during one of the coldest months of the year."
We still operate with a primitive homunculi where a gunshot is considered aggressive, but sabotaging infrastructure that can kill hundreds from cold is being waved at.
Which, with the current zeitgeist, should really be minimized to almost zero.
What stops the execution of the legal system? The claim that we can't know 100% of the facts.
In reality, there's little to dispute with the facts. There's simply groups of true believers and those who think we need more clarity.
Those two forces allow the continuation of violations.
1. They outsource it
2. It rarely has clear red flags, eg "Putin's IP showed up on our PC before the virus"
So, I'm generalizing the argument about why direct action rarely occurs: It's because even if there's a great deal of evidence, the fuzzy logic required to say "this is statistically true" is rarely used.
Thankfully, the article did clear that up, but the fact that my brain didn't even think, "that's a stupid idea that no one would buy that" is a bit depressing.
BTW, I would have zero interest in that feature.
I wonder if there is any symmetrical response to this happening. How about unleashing psy-ops and "Western trolls" in Runet? Is Europe in purely defensive mode?
The lack of political will to create and fund covert offensive operations over the internet.
Russia has had this down for _years_, it's not illegal to hack non-Russian targets, so people do it. They have command and control systems where they can give out tasks like "find me vulnerabilities for Siemens XYZ hardware" and then a team will pick that up and do it.
They also practice infiltration, exfiltration and coordination with their attacks. Every kiddie can get in with maximum noise, the truly skilled ones get OUT without leaving any definite traces.
And I'm not talking out of my ass: https://youtu.be/jbIR7YVAYnc - I'm talking out of Marina Krotofil's ass, she's been investigating and dissecting this for a long time.
Why not?? Is Russia's grid infrastructure so old as to not be as vulnerable?
Since the start of the war, Russia will rather admit incompetence (a soldier was smoking next to an ammo depot) than admit Ukraine succeeded in a military objective.
> It "involved an attempt to disrupt communication between generating installations and grid operators across a large area of Poland".
I doubt we will have all details, but I suspect this kind of communication occurred over the Internet (hopefully, at least a VPN).
Also, even completely airgapped networks are not 100% secure, if you can install a device or convince someone to do it by accident (social engineering).
On the bright side, using this weapons-grade malware is burning exploits and also showing the current state and techniques of Russian cyberwarfare, which defenders can learn a lot from.
Or perhaps they used an already-known malware to measure defensive capabilities without showing any of their cards.
This is vastly different to real world military systems, where there are a lot more variables and no guarantees - i.e. countries have limited numbers of air defense systems and missiles, the missiles have finite non-zero flight times, the physics of detection systems and sensors are not absolute etc.
The real world is just more complicated, so the value of buzzing someone's airspace reveals a lot more information than "huh, guess they didn't click on that email".
Not that it matters anyway at all... since there aren't any major rivers separating Poland and Ukraine to begin with.
It is totally fair to say that in a digital context, Russia is absolutely at war with Europe.
As far as I can tell, they don’t even try to hide it.
To be specific consider how many lies have been told by the American mainstream media around the narratives of Iraq, Afghanistan, Israel, Syria, Libya, etc. Israel has the most surveilled and well defended border in the world, the Mossad is sophisticated enough to launch pager attacks to decapitate Hezbollah leadership, yet somehow they got caught with their pants down and Hamas combatants could raid their country for 12 hours without a response. The US also had funded Osama bin Laden in the 1980s, knew Al Qaeda was plotting another attack on the WTC, and the Neocons in the Bush administration wanted a new Pearl Harbor as outlined in the Project for a New American Century.
Russia is not uniquely or even particularly evil here, it's entirely rational for them to not want a major neighbor to join an enemy alliance. Look at how America has treated Cuba for decades. People should stop being so naive.
[0] https://www.rt.com/news/265399-putin-nato-europe-ukraine-ita...
[1] https://www.buzzfeednews.com/article/ilanbenmeir/that-time-t...
Certainly more successful here than in Ukraine, for what that's worth. I don't think it's a foregone conclusion but they've certainly succeeded here a lot more than in Ukraine.
First link in English I found: https://balticsentinel.eu/8394326/wikipedia-s-baltic-battle-...
Ever since NotPetya and the Colonial Pipeline hack, the cyber strategy game changed a lot. NotPetya was genius as a deployment, because they abused the country's tax software deployment pipeline to cripple all (and I mean all, beyond 99%) businesses in one surgical strike.
The same is gonna happen to other tax software providers, because the DATEV AG and similar companies are pretty much the definition of digital incompetence wherever you look.
I could name other takedowns but the list would continue beyond a reasonable comment, especially with vendors like Hercules and Prophete that are now insolvent because they never prioritized cyber security at all, got hacked, didn't have backups, and ran out of money due to production plant costs.
I'm not sure whether Johnson or Nixon (during periods of sobriety of course) were considering directly attacking Russian territory because of that...
That was in local news this weekend. I know about it because I'm responsible for another city heating network, we take security pretty seriously. All devices are in a VPN and if someone outside needs to log in remotely, he is granted access only for the time needed, so the window for actually worming the network through vendors is very small. All staff accessing the system have computer security training. But not every heat provider operates like this, some small ones (like the one affected) are a little more sloppy.
Imagine the power grid fails in an entire city for 48 hours. How many apartments or shops have backup power for 48 hours? What about hospitals or cellphone towers or traffic lights?
How long before someone cannot make a 911 call or hits another car at night or dies in intensive care because the machines don’t work anymore? What about all the food in a refrigerator, or CCTV cameras, or POS payments or a thousand other things? And if something physically fails, how long before a technician (who was himself relying on that power grid) is able to reach the place, carrying whatever spare part they have, and fix the thing?
Or, take a dam. I’m no dam expert, but how long does it take before a flood happens? And when water starts flooding the streets, how long before people can’t get out of their homes, cars are swept away, and so on? How long before standing water starts carrying diseases?
If they succeed they may well not be reversible. The question is if this had succeeded would we have shrugged it off again or responded appropriately?
Stuxnet destroyed centrifuges. It does not seem impossible that a sophisticated attack could shred some critical equipment. During the Texas 2021 outage, they were incredibly close to losing the entire grid and being in a blackstart scenario. Estimates were that it could take weeks to bring back power - all this without any physical equipment destroyed or malicious code within the network.
Edit: Had to look it up, the Texas outage was "only" two weeks and scattershot in where it hit. The death toll is estimated at 246-702.
The fact that the Texas outages killed anyone is a testament to the fact that the USA is, apparently, a developing nation, possibly going through a rough patch.
It’s not like there weren’t enough generators or fuel in the nation to ameliorate that crisis. It was that, like all developing nations, resources are not available at the point of need despite their widespread availability.
Yes, there is the risk of cascading failures, some industrial processes are very hard to re-start once interrupted (or even impossible) and the lead time on 'some transformers' can be a year or more. These are nothing like the kind that you can buy at the corner hardware store. A couple of hundred tons or so for the really large ones.
Grid infra is quite expensive, hard to replace and has very long lead times.
The very worst you could do is induce oscillations.
Bloomberg had a decent article[0] about transformers and their lead time. They're currently a bottleneck on building. It wasn't paywalled for me.
"The Covid-19 pandemic strained many supply chains, and most have recovered by now. The supply chain for transformers started experiencing troubles earlier — and it’s only worsened since. Instead of taking a few months to a year, the lead time for large transformer delivery is now three to five years. " [0]
[0] https://www.bloomberg.com/features/2025-bottlenecks-transfor...
Vietnam too.
The counter-strategies that the British used to defend against German strikes included "switch off all the lights at night so they don't know where they are" and "order newspapers to lie about which part of the city was damaged in order that spies reading British newspapers and reporting back to HQ said missiles fell short/went too far, causing HQ to incorrectly compensate on the next strike". I don't know if the reverse was true, despite now living in Berlin.
Everyone's supply chains were also much shallower, and equipment much cruder and therefore easier to make (though also less efficient). Half of London or Berlin losing electricity makes a much smaller difference when far less was electrified in the first place, e.g. loss of electricity for a heat pump doesn't matter so much when the terraces and apartment blocks have internal fireplaces and regular coal deliveries.
Also re Vietnam, it took until 1997 to return to the per-person energy use it had in 1970: https://ourworldindata.org/profile/energy/vietnam
And until 1993 to reach the not-adjusted-for-population level.
And the electricity graphs don't even go back far enough to see what that war was like, that's all energy.
If you succeed in attacking the grid, you achieve the same widespread industry impact, without the cost of the munitions.
It can take decades to recover from a cyber attack like this, if it succeeds.
These attacks are widespread, damaging, and the repercussions are felt for decades in their wake. We _are_ being carpet bombed, and the costs for the victims are ongoing and growing. The collateral damage is everywhere.
Do you really think there's no impact?
> Cyber units from at least one nation state routinely try to explore and exploit Australia’s critical infrastructure networks, almost certainly mapping systems so they can lay down malware or maintain access in the future.
> We recently discovered one of those units targeting critical networks in the United States. ASIO worked closely with our American counterpart to evict the hackers and shut down their global accesses, including nodes here in Australia.
> https://www.intelligence.gov.au/news/asio-annual-threat-asse...
It seems as if the European war has been pushed to the background recently, and most people kind of forgot about it. If you walk down the streets of Paris or Berlin does it look like it’s wartime, do people talk about it much, do they share the latest front news and so on?
Like what exactly would you want them to do? Run around screaming all day because there's a war in another country 2000 km away from them?
No, people just go on with their lives, doing their jobs, taking care of family and friends, paying their taxes, so that specialized workers in the ministry of defence can take care of the war stuff for them. That's how modern society works.
It's even similar in Kiev, when you walk down the streets you see people living their lives. Gyms, bars, cafes, clubs are full and lively. People don't stop living and enjoying their daily lives just because there's shelling somewhere else in the country.
While it's true to a certain degree, you make it sound like Kyiv residents are having a grand old time right now. But in reality, the majority are trying very hard to keep from freezing to death as Russian attacks targeting their power and heating infrastructure have destroyed much of it.
I am not. You choose to interpret it that way.
> Like what exactly would you want them to do? Run around screaming all day
And I didn’t suggest they should “do something or other” I was wondering what the situation was since I am not there in person and figured enough HNers might be.
And "enjoying their daily lives" diminishes real tragedies of Ukrainians' daily lives.
I agree. However if we talk about Kyiv, I'd like to remind you that electricity is available 2-4 hours per day, in some regions there has been no water nor heating for the last week. Everyone I know is extremely stressed, and if anyone visits their gym, it's not to enjoy life, but to not slip into total despair.
There's also occasional anti-NATO "stop the war" marches, and some longer-duration pro-Ukraine vigils above the Brandenburger Tor U-Bahn station.
Next is Moldova.
Then Latvia and Lithuania.
Then Estonia and Northern Finland/Norway.
Then Romania and Bulgaria.
Putin has already said many times that he intends to rebuild the Russian empire to its zenith.
If someone makes tanks with paper for armour, because it cuts costs, they are to blame if those tanks catch fire.
It's fine to have this view that software should be defect free and hardened against sophisticated nation-state attackers, but it stretches the meaning of "defect" to me. A defect would be serving to fulfill that utility it had been designed for, not succumbing to malicious attackers.
Because this is the kind of stuff infrastructure things do, along with MANY other things. I'm sure not all infrastructure does it, but plenty do.
This is not hardening, it's BASIC security. Any script kiddie from the same country could find it and cause problems.
How far would you say they should go to stop domestic script kiddies from messing with it? and if script kiddies from other countries mess with it, is it now cyber warfare?
I’ll therefore decline to comment on your assertions. I will acknowledge it’s time to consider Russian interference as expected if you are designing an internet connected system, fine, but it looks like it’s non trivial to fatally compromise these systems already.
I am not saying whether Russians are doing it or not, I'm just saying that it's not just victim blaming, and that anyone operating with this level of security is grossly negligent and should be severely punished as criminals.
So let's turn this logic around on those megacorps that leak personal data: suppose they run an open postgres or mongodb with ALL the customer data, no password or default password, on the open ipv6, is it victim blaming to go after them for this? After all, it's the big bad criminals that stole the data?
The truth of the matter is that yes, the ones that take the data are criminals, but so are the ones that don't take proper precautions.
Have you actually seen how these infrastructure things operate? Many of them have open SCADA systems directly coupled to the internet. Many of them have SMS gateways that just accept messages from _ANY_ phone number to issue shutdowns.
I know because I have been brought in to look at some of those things as a consultant.
It's the Russian doctrine
Keep the population of hostile countries uneasy at all times, destabilise a bit here and there, help them argue about stupid identity politics instead of focusing on things that actually matter.
When people become complacent about Russians poking around here and there, breaking in and not doing anything etc - then when they actually need to act, the defence will be lukewarm.
Naaa, better continue to have Germany and France continue to destroy the Union by looking only at their self interests while they pretend to talk tough on Trump and sabotage any real internal changes so that they can keep their crumbs.
Just this week, France’s meddling halted a deal that was 30 years in the making: Mercosul, while their president, in all his virtue signaling, went to Davos to pretend to have the moral upper hand on the USA.
We’re a union of hypocrites. And France and Germany are the worst of them.
Mercosur would actually be Polish complaint to the EU Court of Justice (CJEU)
https://www.visahq.com/news/2026-01-22/pl/polish-meps-spearh...
Any actual EU members are in principle protected by this, even if they aren't NATO members. Whether or not EU countries being in NATO diminishes their ability to act without US consent is debatable and I lean towards saying NATO's joint command essentially sets article 42 cooperation up to fail.
That's the difference between Ukraine and the other countries on Putin's list though: Ukraine wasn't in the EU or NATO, and for all intents and purposes had no allies.