BY MICHAEL EISENSTEIN // ILLUSTRATIONS BY DAN PAGE
Threats to cybersecurity loom large in today’s world, putting us all at risk of being exploited by bad actors. Whiting School experts are focused on spotting cyber vulnerabilities and defending against them—a never-ending task, where the villains’ tactics are evolving just as rapidly as the technology they exploit.
German Power company Enercon operates an array of 5,800 wind turbines that can generate up to 11 gigawatts of power when operating at full capacity. But on the morning of Feb. 24, 2022, those turbines went silent.
The timing—the same day Russia began its invasion of Ukraine—was not a coincidence. “They’re all connected to a satellite station that was interfered with by Russia as part of this conflict,” says Gregory Falco, an assistant professor of civil and systems engineering and a member of the Johns Hopkins Institute for Assured Autonomy. The evidence suggests that the attack was primarily focused on disrupting Ukrainian lines of communication and that Enercon’s turbines—which were controlled by the same satellite—were merely collateral damage. “The communication window was shut down, so it couldn’t communicate with the turbines, and the turbines died,” says Falco.
These kinds of cyberattacks are now part and parcel of modern espionage and conflict, notes Anton Dahbura PhD ’84, co-director of the IAA and executive director of the Johns Hopkins Information Security Institute. “It’s pretty easy for a country to build offensive cyber capability,” he says. “It’s also easy to make attribution murky—if they just want to damage their neighbor’s banking system but then disavow responsibility.” Such attacks can be part of a military offensive, as is now being seen in the Russia-Ukraine war, but they can also take the form of lesser incursions intended to probe a rival’s weaknesses or sow chaos.
High-profile, national-scale cybersecurity threats may grab headlines, but there are also myriad ways in which the general public can potentially fall prey to exploitation by bad actors online. Although some of these attacks may be delivered through predictable routes, such as our phones or laptops, we also live our lives surrounded by less obvious—but equally vulnerable —gateways to the internet. “Pretty much anything electronic that you buy nowadays comes with an app for it,” says Avi Rubin, professor of computer science and technical director of the ISI.
Research at the ISI and IAA is focused on identifying and defending against such vulnerabilities at every level of America’s digital infrastructure—but this is a challenging and never-ending task, where the villains’ tactics are evolving just as rapidly as the technology they exploit.