Disclaimer: The investigation made by the Swedish Civil Aviation Administration, LFV, after the radar disruptions that affected parts of Sweden's air traffic on 4 November 2015, shows that the disruptions were due to radio emissions linked to a solar flare. This is the conclusion from the investigation conducted by LFV after the event. Read the full story here. In November 2015, outages in Sweden’s Air Traffic Control System lasting several days led to hundreds of domestic and international flights being grounded at multiple airports across the country. According to the International Business Times, sources in the Swedish government have claimed the outages were the result of a sustained cyber attack perpetrated by Russian intelligence. At the time, the Swedish Civil Aviation Administration publicly stated the issue was caused by a “solar storm phenomena,” which disrupted radar systems and made air traffic controllers' computer screens go blank. However, several anonymous sources say Russia was behind the sophisticated attack.
“…Swedish authorities traced the source of the attack to an Advanced Persistent Threat (APT) group that has previously been linked to the Russian military intelligence agency, Spetsnaz Gru,” a source told AldriMer.no.
During the ongoing attack, authorities in the Scandinavian country alerted NATO – the North Atlantic Treaty Organization – despite Sweden not being part of the alliance. AldriMer.no reported two separate warnings were issued and relayed to several NATO allies, including Norway and Denmark.
“The message was passed on to NATO either by Sweden’s National Defence Radio Establishment (Försvarets radioanstalt, FRA) or the Swedish Military Intelligence and Security Service (Militära underrättelse- och säkerhetstjänsten, MUST),” a senior NATO source told the publication.
At the same time these warning were issued, the source also said NATO had independently detected that Russia instigated “electronic warfare activity” in the Baltic Sea region that was congesting air traffic communication channels. “NATO traced the signals and they led to a large radio tower in the Russian enclave of Kaliningrad, the south of Lithuania,” wrote the IBT. The national Computer Emergency Readiness Team (CERT) centers for Norway, Denmark and other neighboring countries declined to comment about the attack.
Achieving Resilience with NERC CIP
Explore the critical role of cybersecurity in protecting national Bulk Electric Systems. Tripwire's NERC CIP Solution Suite offers advanced tools for continuous monitoring and automation solutions, ensuring compliance with evolving standards and enhancing overall security resilience.
