Open Source Assessment of a Crimean Bridge Attack (UPDATED 10/8/22)
Is the bridge as safe from attack by Ukraine as Russia claims? (That would be a "NO")
UPDATE (08 OCT 2022):
One day after Vladimir Putin’s birthday, a truck exploded while crossing the Crimean Bridge. The explosion happened at the same time that a train carrying tanks of fuel was also transiting the bridge close to the truck according to CNN:
“Sergey Aksenov, the Russian-appointed Head of Crimea, confirmed that “two spans of the roadbed of the part [of the bridge] from Krasnodar to Kerch, collapsed” after a large explosion, and that a train’s fuel tanks caught fire. Video and images from the bridge show several charred rail fuel trucks.“
Videos of the incident as well as the aftermath have been posted across a variety of Telegram channels.
AUGUST 15, 2022: On August 14th, Ukrainian forces used U.S. supplied HIMARS to repeatedly hit the Antonivski bridge in Kherston Oblast, the last remaining bridge that Russia could use to bring heavy equipment or supplies over the Dnipro River.
But the bridge that Russia is most worried about, the bridge whose fall would bring about “such devastating response that Ukraine will no longer be able to recover” according to a State Duma member, is the Crimean Bridge, or the “Kerch Strait” Bridge, as Russia refers to it.
That objective has been a major concern of Russia’s since at least June 16th when Kremlin Press Secretary Dmitry Peskov had said that the Russian military had guaranteed the bridge’s security, to which Ukraine’s Ministry of Defense had this to say:
❗️GUR received detailed technical documentation of the "Crimean Bridge"
In particular, Ukraine received detailed information about the terrain, road surface, bridge supports, anti-landslide structures, entrances and exits and the entire infrastructure of the complex.
Intelligence officials note that even though the Russian Federation declares the "guaranteed" security of the "Crimean Bridge", it is difficult to take such words seriously if the Russians did not even bother to ensure the preservation of the technical documentation of the strategic facility.
Now this is interesting...
UA Insider
[FILE]
The construction of the bridge began in February 2016, about two years after Russia annexed Crimea. The Federal State Institution "Department of Federal Highways" Taman "of the Federal Road Agency " acted as the customer. The contract to build it went to LLC Stroygazmontazh, owned by Putin’s childhood friend and fellow Judoka, Arkady Rotenberg. The development of project documentation was carried out by Giprostroymost CJSC.
The bridge was completed in 2019. At 19 kilometers, it’s the longest bridge in Europe. It can accommodate up to 40,000 vehicles per day and up to 47 train pairs per day.
State of Security
According to remarks by Autonomous Republic of Crimea Senator Olga Kovitidi, Russia has done an assessment on Ukraine’s weapons as well as “weapons systems that have not been delivered" and has determined that there is no viable threat to the bridge.
The bridge, in fact, is heavily defended. It’s guarded by a layered air defense system consisting of two S-400 Triumph regiments for medium to long range anti-aircraft protection, Tor-M2 and Pantsir-S1 air defense systems for short range protection, electronic warfare equipment, and other protective systems and measures.
However, it appears that despite Senator Kovitidi’s remarks, Russia has recently taken new defensive measures to safeguard it.
On July 5th for The Warzone blog, Emma Helfrich and Tyler Rogovey wrote “Russia Seems To Be Preparing The Vital Kerch Bridge For Missile Attacks” after news broke of the deployment of decoy barges and smokescreens at the bridge.
Roman Skomorokhov, writing for for TopWar.ru, took Rogovey’s analysis further to underscore how unlikely it was for Ukraine to conduct a successful strike against such a hard target.
Attack By Land
Skomorokhov estimated that the maximum distance of effectiveness for any of Ukraine’s land-based missile systems is 350km or less, and the front lines are further away from the bridge than that. Therefore, an attack by land isn’t feasible for Ukraine at this time.
Attack by Sea
A ship-to-bridge missile attack would require a class of vessel that the Ukrainian Navy doesn’t currently have.
Attack by Air
While Ukraine is capable of mounting an air attack against the bridge, the bridge is protected by an impressive array of anti-aircraft weapons platforms, a few of which are described below.
The S-400 (NATO designation SA-21 Growler) was developed by the Almaz Central Design Bureau of Russia and first entered service in 2007. Advanced versions were rolled out in 2012. The system can engage all types of aerial targets, including aircraft, unmanned aerial vehicles (UAV), and ballistic and cruise missiles, within the range of 400km at an altitude of up to 30km. The system can simultaneously engage 36 targets.
The TOR M2 is a fully-automated surface-to-air missile (SAM) system manufactured by Almaz-Antey’s Izhevsk Electromechanical Plant Kupol. It can counter a wide range of targets including unmanned aerial vehicles (UAVs), guided missiles, cruise missiles, aircraft, helicopters and high-precision weapons flying at very low to medium altitudes.
The Pantsir-S1 was designed to provide air defence of military, industrial and administrative installations against aircraft, helicopters, precision munitions, cruise missiles and UAVs at low to extremely low altitudes.
On the other hand, at least some of these anti-aircraft platforms must have been positioned to protect Saky Air Base. The same arguments in favor of a “safe” Russian military installation deep in Crimea could have been made for Saky, and, as we now know, those estimates would have been proven wrong.
Cyber Operations
So far, none of the Russian military bloggers have addressed the bridge’s vulnerability to a Cyber attack, or, even more likely, a cyber attack that paves the way for a kinetic attack or an act of sabotage.
The document “Construction of a Transport Crossing through the Kerch Strait” (242 pages) contains extremely detailed specifications for every aspect of construction and operation of the Crimean bridge. It also specifies what software is used for each of the control systems.
Table Of Contents
Terms, definitions and abbreviations
Initial data used
Natural and climatic characteristics of the area
General characteristics of the design solutions for road transport
Subgrade, pavement and drainage systems of the approaches
Technical means of traffic management ADTP
Noise screens
Anti-landslide structures
Elements of the subgrade in the flood zone on the approach
Platforms for the parking of specialized equipment
Bridge canvas
Suspended drainage trays and pipes
Flying buildings
Support nodes of span structures
Supports
Bridge zone
Aids to navigation
Culvert pipes
Local treatment facilities
Tunnel-type overpass
Networks of outdoor lighting and power supply
Transformer and distribution substations
Aeronautical signaling systems
Architectural and artistic lighting
Automated system of technological control of power supply
Structured monitoring system for engineering systems and structures (SMISIK)
Automated traffic control system
Central control point of the CCP ADTP
Convention on the island of Tuzla
Auxiliary driveways, roads, and road structures
Auxillary passage along the Tuzla spit
Auxiliary access road from the road to the Rybkolkhoz to the pier “Taman” at the entrance to the auxiliary passage along the Tuzla Spit
Auxiliary passage on the island of Tuzla
Technological passage on section No. 8, Northern, Southern
AD 11-1 Plot on st. Cement Slobidka
AD 1106 Plot on st. Tamanskaya
Entrance to the production base of the operational service
Production base of the operational service
Classification of structural elements of a road transport crossing
Nomenclature, quantitative and areal characteristics of the structural elements of the road transport crossing through the Kerch Strait
Nomenclature, quantitative and areal characteristics of structural elements related to the uniqueness of the road transport crossing and not included in the list according to existing standards for the content
APPENDIX A - Terms of Reference
APPENDIX B - Terms, order of commissioning of launch complexes and periods of operation of the ADTP
APPENDIX C - Graphic materials
APPENDIX D - Scheme of location of local treatment facilities
Excerpts
Block Structure
The structure of the third block “ADT power supply systems” includes the following set of design objects:
outdoor lighting and power supply networks
transformer and distribution substations
span structures
air navigation signaling systems
architectural and artistic lighting
automated system technological management power supply (ASTU ES)
The composition of the fourth block “intellectual control systems of ADTP” includes the following set of design objects:
structured monitoring system for engineering systems and structures (SMISIK)
automated traffic control system (ASUDD)
central control point of the CPU ADTP
The composition of the fifth block “Auxiliary, technological roads and exit from ADTP includes the following set of design objects:
congress on the island of Tuzla
auxiliary passage along the Tuzla spit
auxiliary access road from the road to Rybkolkhoz to the pier
“Taman” with an entrance to the auxiliary passage along the Tuzla Spit berth
Tuzla Island Auxiliary Passage
technological passage Severny
technological passage Yuzhny
Software Specifications
Software specs for monitoring the bridge’s engineering systems and structures include the use of the following products:
BASIS SMIS software for monitoring and control of engineering systems
Savcor (a Finnish company) for Online Structural Health Monitoring software
Microsoft Windows Server 2012
Microsoft Windows 10 Pro
Microsoft Office Home and Business 2016 Russian
Microsoft SQL Server Standard Edition 2016
Acronis Backup & Recovery 11.5 Workstation
Kaspersky Internet Security for all devices
Paid subscribers may download the entire document (242 pages in scanned .pdf format) after the break.
Conclusion
No matter how powerful the weaponry, if software is involved, the object is vulnerable to attack because software can never be made 100% secure.
Just using the list above, which isn’t complete, there are over 50 CVEs registered for Kaspersky products, over 36 for Acronis products, and over 8900 registered CVEs for Microsoft products. And those are just the ones that have been found.
The bridge may have been built exactly to specification, and could stand for a thousand years, but its operations rely on complex software easily broken. Russia should be worried.
Keep reading with a 7-day free trial
Subscribe to Inside Cyber Warfare to keep reading this post and get 7 days of free access to the full post archives.