Abdijabar Yussuf Mohamed is an incoming graduate student and Kennedy Fellow at Harvard University in Cambridge, Massachusetts, where he will be pursuing a Master of Public Policy (MPP) at the John F. Kennedy School of Government. His research interests span computational public policy, Artificial Intelligence (AI), cybersecurity and cyberwarfare, Sino-Africa relations, and armed conflicts in the Horn of Africa.

Wartime thriller enthusiasts are familiar with Alfred Hitchcock’s Saboteur (1942). In this enthralling American spy film, famous for its climactic sequence atop New York City’s Statue of Liberty, the protagonist, Barry Kane (portrayed by Robert Cummings), a California-based aircraft factory worker, is falsely accused of committing an act of sabotage that led to the death of a co-worker. Determined to exonerate himself, Kane flees from police custody and, accompanied by Patricia Martin (played by Priscilla Lane), sets out on a perilous cross-country chase to catch the actual criminal. During the course of the manhunt, the protagonists thwart a sabotage plan by American fifth columnists who were conspiring to blow up the Hoover Dam (formerly known as the Boulder Dam), which harnessed the waters of the mighty Colorado River to provide electricity to Los Angeles-based American defense plants. The Hoover Dam, still one of America’s largest hydroelectric facilities and an engineering marvel, is a concrete arch-gravity dam situated across the Black Canyon of the Colorado River and straddles the U.S. states of Nevada and Arizona. Today, the threat of hydroelectric dams and reservoirs being blown up is neither limited geographically to America nor the preserve of riveting American thriller films.
In the 21st century, as critical infrastructures such as massive hydroelectric power plants (dams and reservoirs) are connected to the internet, there is a palpable threat posed by cyber terrorists who are hellbent on wreaking havoc on targeted critical infrastructures. Hackers, largely sponsored by rival nation-states, wage borderless battles on an enemy nation-state’s critical infrastructures such as hydroelectric power plants, water supply systems, the power grid, and hospitals. In this regard, cyber attacks on critical infrastructures continue to emerge as a force to be reckoned with and form a significant component of the arsenal in geopolitical conflicts. A case in point is the GERD (shown in Figure 1 below), Ethiopia’s $4.5 billion flagship project and Africa’s largest hydroelectric power plant. The GERD, the epicenter of the geopolitics of water pitting the Horn of Africa nation against the downstream riparian states of Egypt and Sudan, will arguably become one of the defining fronts of cyberwarfare in Africa.
In June 2020, Ethiopia’s Information Network Security Agency (INSA) reported that it had thwarted cyber attacks carried out by Cyber_Horus Group, a state-sponsored Egyptian hacker group. Aiming to mount pressure on Arat Kilo over the construction and filling of the GERD, the group defaced numerous Ethiopian government websites with an image depicting a skeleton pharaoh and the following threatening message:

“If the river’s level drops, let all the Pharaoh’s soldiers hurry and return only after the liberation of the Nile, restricting its flow. To prepare the Ethiopian people for the wrath of the Pharaohs.”
Again, in May 2022, INSA reported that the agency had foiled a cyber attack attempt targeting the GERD and other Ethiopian critical infrastructures. According to Shumete Gizaw, Director General of INSA, in a bid to frustrate the works of the GERD and major financial institutions, state-sponsored malicious hackers affiliated with a foreign nation that envies “the peace and development endeavors of Ethiopia” targeted approximately 37,000 interlinked computers used by the Horn of Africa nation’s financial institutions. He further alleged that this is part of a cyber war campaign against Ethiopia, code-named the “Black Pyramid War”.

Figure 1: Satellite image of the GERD (source: Maxar Technologies)

Organizational Structure

That Egyptian-affiliated hackers pose an unprecedented threat to Ethiopia’s national critical infrastructure, specifically the GERD, is a given. However, little is known about the nature of the cyber warfare in which Ethiopia will be embroiled with Egypt (and potentially Sudan as well) over the GERD. Despite its limited purview, this short work, the first part of a series of informative pieces to appear in future Horn Review publications, aims to enlighten the Ethiopian authorities and the public on this matter. In this part, I start with a simplified but plausible cyber attack scenario on the GERD, followed by an analysis of some possible effects of a cyber attack on a computerized GERD. Part II of this series will delve deeper into Ethiopia’s preparedness on the digital battlefield vis-à-vis Egypt and Sudan, the urgent need to establish a dedicated Ethiopian Cyber Command, the place of an African Union (AU) Cyber Command that would conduct “virtual peacekeeping” over the GERD and other critical Ethiopian institutions in the likely event of destructive cyber attacks should GERD negotiations falter, and policy recommendations towards shaping a cyber-resilient Ethiopia.

A Simplified Cyber Attack Scenario on the GERD

For the sake of the hypothesis, and as is the case in many parts of the world, let us assume that the operations of the dam are remotely controlled by a contractor (let us call it Gidibachin, an imaginary contractor based in Bole, Addis Ababa) that employs about 100 specialists who remotely work on different parts of the GERD. A malicious attacker based in Cairo, Egypt sends a barrage of meticulously crafted phishing emails containing malicious payloads to all 100 of Gidibachin’s employees. As soon as the emails arrive, one of Gidibachin’s employees falls for the ruse and downloads the malware. As a consequence, the Egyptian hacker obtains the employee’s user credentials and other critical data. Using the stolen credentials, the hacker gains remote access to the GERD’s networks through a Virtual Private Network (VPN) in order to hide his digital footprints. Immediately afterward, the hacker maintains access to the GERD’s systems using a backdoor that evades detection. The intruder familiarizes himself with the GERD’s intricate details and subsequently gains control of the dam’s automated components.
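The scenario hinges on stolen credentials being used over the contractor’s VPN, which is exactly the point where a defender can look for logins that do not fit an account’s normal pattern. The script below is an added illustration, not code from the article or from any real dam operator: it parses a small, constructed VPN gateway log (the line format, user names, IP addresses and per-user baselines are all assumptions) and flags successful logins from an unexpected country or outside the user’s usual working hours.

```python
"""Flag anomalous remote-access (VPN) logins in a small gateway log.

Added illustration for the phishing-to-VPN scenario in the text. The log
format, user names, IP addresses and baseline rules are constructed
assumptions, not data from the article or from any real operator.
"""
import re
from datetime import datetime, timezone

# Constructed sample log: "<UTC timestamp> <user> <source ip> <country> <result>".
SAMPLE_LOG = """\
2023-03-06T07:55:12Z alemu 196.188.10.23 ET success
2023-03-06T08:03:41Z kidist 196.188.10.77 ET success
2023-03-06T23:17:05Z alemu 41.33.100.9 EG success
2023-03-07T02:41:58Z alemu 41.33.100.9 EG success
2023-03-07T09:12:30Z kidist 196.188.10.77 ET failure
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) ([A-Z]{2}) (success|failure)$")

# Per-user baseline: countries and working hours (UTC) the account normally connects from.
# Constructed for the example; in practice this is learned from historical logs.
BASELINE = {
    "alemu": {"countries": {"ET"}, "hours": range(6, 20)},
    "kidist": {"countries": {"ET"}, "hours": range(6, 20)},
}


def parse_line(line):
    """Parse one log line into a dict; raise on lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts, user, ip, country, result = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user, "ip": ip, "country": country, "result": result,
    }


def find_anomalies(log_text, baseline=BASELINE):
    """Return (user, iso_timestamp, reasons) for each successful login outside the user's baseline."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["result"] != "success":
            continue  # failed attempts belong to lockout / rate-limit logic, not this check
        base = baseline.get(ev["user"])
        reasons = []
        if base is None:
            reasons.append("no baseline for user")
        else:
            if ev["country"] not in base["countries"]:
                reasons.append(f"login from unexpected country {ev['country']}")
            if ev["ts"].hour not in base["hours"]:
                reasons.append(f"login outside working hours ({ev['ts'].hour:02d}:00 UTC)")
        if reasons:
            findings.append((ev["user"], ev["ts"].isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in find_anomalies(SAMPLE_LOG):
        print(f"{ts} {user}: {'; '.join(reasons)}")
```

Running it on the constructed log flags the two night-time logins for alemu from a country outside the account’s baseline while leaving the daytime in-country logins alone. A check like this does not stop a credential-theft intrusion by itself, but it gives an operations team an alert on the very first step of the scenario, before the intruder has had time to plant a backdoor.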

Plausible Impacts of Cyber Attacks on the GERD’s computers

By its very nature, critical infrastructure such as a hydroelectric power plant is a complex system. To ensure smooth operations, dam operators and technicians must continuously monitor the different parts of the system. Thus, operating a system as complex as the GERD implies that administrators and other relevant authorities need to interact with it frequently. This calls for the adoption of Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems to enable the dam administrators and authorities to regulate the processes both locally and remotely. If hackers gain access to the ICS/SCADA systems (the dam’s command and control systems), they can wreak unprecedented cyber-physical havoc in several ways. To mention but a few key risks, hackers could cause the following: (1) flooding the waters; (2) poisoning the waters of the GERD; (3) engendering power blackouts in the national and regional power grids connected to the GERD; and (4) leveraging the GERD’s systems as a launchpad for conducting transnational cybercrime activities in Ethiopia and beyond.

Flooding the Waters of the GERD

The village of Bameza in the Benishangul-Gumuz Region (BGR), where the GERD is located, and the BGR in general, has historically been prone to flash floods. Adverse weather phenomena such as El Niño and heavy rainfall during the rainy season frequently induce deadly floods and landslides that are detrimental to human lives and crop production. Alongside the natural disasters to which the BGR is vulnerable, the region is now also exposed to the man-made impacts of a devastating cyber attack on the GERD. If Egypt-based hackers gain access to the GERD’s systems, they could empty the reservoirs by simultaneously opening the floodgates and other outlets of the dam. As a result, the rapid flow would obliterate the adjacent turbines and power stations and lead to destructive floods that, in addition to destroying crops, could claim many lives and force residents to evacuate the area. Although we have not yet witnessed such devastating effects on the GERD, the possibility of such consequences is not far-fetched. A historical precedent for such potential consequences exists.

In 2016, the U.S. Justice Department unsealed an indictment against Hamid Firoozi, an Iranian who, along with six other Iranians acting on behalf of the Islamic Revolutionary Guard Corps (IRGC), the ideological custodian of Iran’s 1979 revolution, was allegedly involved in a 2013 intrusion into the SCADA systems of the modest Bowman Avenue Dam near Rye Brook, New York. The dam’s SCADA systems, installed a few years before the Iran-backed security breach, were connected to the internet through a cellular modem. The access level that Firoozi and his accomplices had would have allowed them to obtain critical information on the dam’s water level and temperature. Furthermore, this access would have allowed them to remotely operate the dam’s floodgates. As it happened, during the period of the intrusion the electronic gate had been taken offline for maintenance. Even though Rye Brook, located outside New York City, is a low-population area, a 2007 flood caused more than $80 million worth of damage to the nearby City of Rye. Had the Iranian hackers had access to the dam’s command and control systems during a storm, they would have been in a position to open the dam’s floodgates and cause greater damage to the local community living near the Bowman Avenue Dam. Extrapolate this point of departure to the devastating effects that could emanate from Egyptian hackers obtaining access to the floodgates of the massive GERD. Thousands of lives in the village of Bameza, BGR, would be claimed, crops destroyed, and an Internally Displaced People (IDP) crisis could follow.

Poisoning the Waters of the GERD

Malicious cyber actors with access to the GERD’s internal systems could cause wanton destruction by increasing chlorine levels. By raising the amount of water treatment chemicals such as chlorine beyond what is fit for human consumption, cyber attackers on the GERD could kill people who drink the dam’s waters. In the recent past, hackers have attempted to poison water treatment facilities.
In 2000, the police in Queensland, Australia, arrested a man for using a computer and a radio transmitter to take control of the Maroochy Shire Council’s sewerage system and subsequently release sewage into parks, rivers, and even the grounds of a Hyatt Regency hotel. Similarly, in 2021, malicious hackers gained unauthorized access to a water treatment plant in the small American town of Oldsmar, Florida. Upon gaining access to the plant’s networks, the hackers momentarily adjusted the levels of lye (sodium hydroxide) in the drinking water before being stopped by the state’s cyber incident responders. In small amounts, lye is a chemical used to treat the acidity of water and remove metals from it before it is supplied to residents. In larger amounts, it is a toxic chemical that can lead to the death of people who consume the resulting poisoned water. A similar attack by Egyptian hackers on the GERD’s water filtering system would have dire consequences for Ethiopia.
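Both the floodgate scenario (opening every outlet at once) and the Oldsmar-style chemical dosing scenario above come down to a control command whose value is physically unreasonable. One defensive layer that ICS engineers place between the SCADA host and the actuators is a safe operating envelope: every setpoint is checked against plant limits and ramp rates before it is passed on. The block below is an added example covering both passages; it is not the GERD’s control logic or any vendor’s API. The tag names, limits, gate rule and sample command batches are constructed assumptions.

```python
"""Validate control commands against a safe operating envelope before they reach actuators.

Added example for the flooding and water-poisoning risks discussed in the text.
Tag names, limits and command format are constructed assumptions, not the GERD's
real control parameters or any vendor's API.
"""

# Constructed safe operating envelope. Real limits come from the plant's engineering
# documentation and are also enforced by independent hardwired / safety-PLC interlocks,
# so that a compromised SCADA host cannot simply switch this check off.
ENVELOPE = {
    "chlorine_dose_mg_l": {"min": 0.2, "max": 4.0},                    # assumed residual limit
    "spillway_gate_pct":  {"min": 0.0, "max": 100.0, "max_step": 10.0},  # assumed ramp limit
}
MAX_GATES_OPEN_TOGETHER = 2  # assumed plant rule: never open more than 2 gates in one batch


def is_gate_tag(tag):
    return tag.startswith("spillway_gate_") and tag.endswith("_pct")


def validate_command(tag, value, current_state):
    """Return None if a single (tag, value) command is within the envelope, else a reason."""
    if tag == "chlorine_dose_mg_l":
        lim = ENVELOPE[tag]
        if not lim["min"] <= value <= lim["max"]:
            return f"{tag}={value} outside safe range {lim['min']}-{lim['max']} mg/L"
        return None
    if is_gate_tag(tag):
        lim = ENVELOPE["spillway_gate_pct"]
        if not lim["min"] <= value <= lim["max"]:
            return f"{tag}={value} outside 0-100%"
        step = value - current_state.get(tag, 0.0)
        if step > lim["max_step"]:
            return f"{tag} step {step:.1f}% exceeds max ramp {lim['max_step']}%"
        return None
    return f"unknown tag {tag}"


def validate_batch(commands, current_state):
    """Validate a batch of (tag, value) commands; return [(tag, value, reason), ...] rejections.

    Besides per-command limits, reject a batch that would open more spillway gates at once
    than the plant rule allows (the 'open all floodgates simultaneously' scenario).
    """
    rejections = []
    opening = []  # individually valid commands that increase a gate opening
    for tag, value in commands:
        reason = validate_command(tag, value, current_state)
        if reason:
            rejections.append((tag, value, reason))
        elif is_gate_tag(tag) and value > current_state.get(tag, 0.0):
            opening.append((tag, value))
    if len(opening) > MAX_GATES_OPEN_TOGETHER:
        for tag, value in opening:
            rejections.append((tag, value,
                               f"batch opens {len(opening)} gates, limit {MAX_GATES_OPEN_TOGETHER}"))
    return rejections


# Constructed plant state and two sample batches: one routine, one far outside the envelope.
CURRENT_STATE = {
    "chlorine_dose_mg_l": 1.0,
    "spillway_gate_1_pct": 0.0, "spillway_gate_2_pct": 0.0,
    "spillway_gate_3_pct": 0.0, "spillway_gate_4_pct": 0.0,
}
ROUTINE_BATCH = [("chlorine_dose_mg_l", 1.2), ("spillway_gate_1_pct", 8.0)]
OUT_OF_ENVELOPE_BATCH = [
    ("chlorine_dose_mg_l", 25.0),      # dosing far above the drinking-water limit
    ("spillway_gate_1_pct", 100.0),    # 0 -> 100% in one step
    ("spillway_gate_2_pct", 5.0), ("spillway_gate_3_pct", 5.0), ("spillway_gate_4_pct", 5.0),
]

if __name__ == "__main__":
    for name, batch in (("routine", ROUTINE_BATCH), ("out-of-envelope", OUT_OF_ENVELOPE_BATCH)):
        rej = validate_batch(batch, CURRENT_STATE)
        print(f"{name}: {len(rej)} rejected")
        for tag, value, reason in rej:
            print(f"  {tag}={value}: {reason}")
```

The routine batch passes; the out-of-envelope batch is rejected on all five commands: the chlorine dose, the single-step full gate opening, and the three small gate openings that together exceed the assumed simultaneous-gate rule. The caveat a practitioner would add is that such a check is only as trustworthy as the host it runs on, which is why plants keep hard limits in safety PLCs and mechanical interlocks that the supervisory network cannot rewrite.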

Catastrophic Power Outages

Many Ethiopians, especially those living in rural areas of emerging states such as the BGR, Gambella Region, and Somali Region, lack access to electricity. To enhance its citizens’ access to energy, the Ethiopian government aims to provide electricity to Ethiopia by harnessing the Blue Nile waters in the GERD reservoirs. Additionally, it aims to be a regional powerhouse that sells electricity to neighboring countries in the Horn of Africa and beyond. If hackers sponsored by foreign governments successfully infiltrate the GERD’s networks, they could escalate their access privileges to eventually disrupt power distribution and even cause a nationwide and region-wide power blackout. Such apocalyptic scenarios are tantamount to the loss of millions of dollars for Ethiopia and its future electricity customers in neighboring countries such as Kenya, Somalia, and Djibouti.

Leveraging the GERD’s computers as a Transnational Cybercrime Station

Besides the aforementioned risks, hackers with diverse affiliations and hats (nation-state-sponsored hackers, hacktivists, local cybercrime syndicates, etc.) could attempt to gain access to the GERD’s networks. If they manage to do so, they may initially and deliberately refrain from causing damage to Ethiopia’s critical infrastructures. Instead, they could leverage the robust computerized systems that undergird the massive dam as a station for hosting robot networks (botnets) to be used for mounting Distributed Denial of Service (DDoS) attacks, malware attacks, phishing attacks, and ransomware attacks, among others, against local and international businesses and governments. In such a scenario, the GERD could be reduced to a cybercrime Mecca that attracts sophisticated transnational cybercrime syndicates and serves as a testing ground for so-called script kiddies (novice hackers).