Skip to main content

We continue to assess that hostile actors – primarily Russia – pose a high threat to critical infrastructure in Europe.

This assessment was issued to clients of Dragonfly’s Security Intelligence & Analysis Service (SIAS) on 27 March 2023.

  • Recent press reporting has speculated that pro-Ukraine actors were behind explosions on Nord Stream gas pipelines in 2022
  • Such reporting is unconfirmed, and irrespective of its veracity, Russia remains the most capable and motivated hostile actor

It is still unclear who was behind explosions on two Nord Stream gas pipelines in the North Sea last year. Comments by sources of varying credibility have prompted speculation in international media outlets that non-Russia-linked actors may have been behind the attacks, such as US- or Ukraine-linked individuals. But so far, those reports have not led us to revise our assessment of the threat to critical infrastructure in Europe, which is currently high, particularly in Czechia, Germany, the Netherlands, Norway, Poland, Spain and the UK.

Nord Stream details increasingly unclear

Speculation that pro-Ukraine groups were behind the Nord Stream incident has gained traction online in recent weeks. A reputable German media outlet earlier this month reported that German investigators had found new evidence suggesting the perpetrators may have carried out the bombings from a small yacht rented from a Poland-based, but Ukrainian-owned, company. It is not clear how they obtained this information, how reliable it is, or what this means for efforts to attribute blame for the attacks, however.

Those press reports have led to questions from our clients. That has prompted us to reflect on our past assessments following the attacks and revisit those. We consider this reflection particularly important given the extent to which our assessment that Russia was responsible has fed into our infrastructure threat assessments and general reporting. But we are yet to see any concrete evidence that would lead us to change our standing assessments of the risk of hostile actions against European infrastructure.

Russia still most likely perpetrator of sabotage attacks

We maintain our assessment that Russia-linked actors are the most intent on, and capable of, mounting attacks on European critical infrastructure. This is regardless of the Nord Stream attacks and is based on Russia’s hostile actions against critical infrastructure. These include:

  • Explosions at an ammunition depot in Czechia in 2014, which the Czech authorities attributed to Russian military intelligence agents
  • Hostile cyber operations in 2016 by Russian intelligence-linked hackers, which targeted engineers in Ireland with access to the country’s National Grid control systems
  • Hostile cyber operations in 2017 by Russia-linked hackers targeting energy sector workers with access to the UK’s power grid, reportedly seeking access to systems that control power stations
  • Letter bombs in Spain in 2022 from Spain-based individuals – who the US has said were associates of a white supremacist militant group directed by Russian military intelligence agents – at six strategic locations including a weapons manufacturer

Russia will probably continue to be the primary state-linked actor posing a threat to such infrastructure in the medium term, at least.

In our analysis, Russia also had the most to gain from the Nord Stream attacks. As with the attacks above, the Nord Stream incidents caused concern among European authorities about the extent of Russian agent presence in their countries and their access to infrastructure. They also appeared to reinforce Russian messaging on its attitude towards states’ provision of aid to Ukraine. This messaging provides strategic benefits to Russia.

Russia’s majority ownership (51%) of the pipelines alone is not enough to discount what it probably had to gain from bombing them, in our analysis. By the time the explosions took place (26 September), Russia was covering only 15% of EU gas imports in Q3 of 2022, compared with 40% in 2021. It was losing revenue potential on deliveries through these pipelines in any case. And damaging them would have given Russia the opportunity to blame Europe or the US. That aligns with its proven intent to encourage anti-Western sentiment.

Plausible that other actors want to target infrastructure, too

It is still plausible that other actors with interests linked to the Ukraine conflict are also intent on and capable of mounting such attacks. The existence of these actors only compounds the threat to infrastructure. Some pro-Ukraine or even Western state actors may well calculate that attacks on European infrastructure would galvanise Western support for Ukraine. But to achieve that objective, actors would need to make it look like Russia is responsible. That in turn reinforces our confidence in the assessment of the high risk of attacks targeting infrastructure.

As for the Nord Stream attacks, it is less plausible that pro-Ukraine – rather than Russia-linked – groups were behind these. European officials said initially after the bombing in September that a state-backed actor was most likely responsible. European politicians have refused to confirm claims that Ukraine conducted the attack since recent media reports have suggested a pro-Ukrainian actor might have done so.

The Ukrainian government is highly unlikely to have directed an attack on gas pipelines, not least given the effect these would have on gas prices (an increase of 7%). High prices linked to the conflict were already undermining public support for aid to Ukraine in European countries. And it seems counter-intuitive for an actor to choose Gazprom-owned pipelines if they wished to frame Russia for the attack.

Image: Ambassador Vassily Nebenzia, Permanent Representative of the Russian Federation to the UN, and Ambassador Zhang Jun, Permanent Representative of China to the UN, engage in conversation during the UN Security Council meeting on Nord Stream pipeline explosions at the UN Headquarters on 21 February 2023 in New York City. Photo by John Lamparski via Getty Images.