A new White House warning suggests Russia is weighing a cyberattack against the US. Here’s what to expect — and how to prepare.
Cybersecurity experts have been puzzled by the absence of a major cyberattack from Russia in the wake of its invasion of Ukraine and in retaliation for crippling sanctions. Kremlin-backed hackers have previously shut down Ukrainian electric grids and propagated malware that caused an estimated $10 billion worth of global damage. This time, barring a few issues on Ukrainian websites and the disruption of a satellite internet provider, it’s been quiet on the hacking front. Prevailing theories have been that Russia’s cyber capabilities are not that great, while Ukraine has become better at defending its networks.
A new warning from the White House suggests something more calculated: Russia has simply chosen not to do anything yet. President Vladimir Putin may well have been keeping his cyber assault on hold for the right moment.
Here’s the key line in President Joe Biden’s statement, published Monday afternoon in Washington: “Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”
“Exploring options” could mean a number of things:
- The hackers are already in U.S. or European networks and waiting for the green light to attack. This has precedent. The SolarWinds cyberattack in 2020 — which was carried out by more than 1,000 operatives of the Russian government and breached at least 100 companies around the world — went undetected for months. The damage cost tens of billions of dollars and led to the theft of valuable data. The hackers were able to lease servers from Amazon Web Services and others to bypass surveillance from the National Security Agency, exploiting a legal loophole that prevents the NSA from monitoring domestic networks. NSA director Paul Nakasone has since argued to lawmakers that this creates a dangerous “blind spot” for the NSA.
- Russian cyber criminals, who have long enjoyed immunity from prosecution in Russia, are planning a wider array of ransomware and malware attacks on Western targets, including government agencies and companies.
- A more serious attack on critical infrastructure, such as knocking out an electric grid in the U.S. or taking a power plant offline, is in the works. Russia’s fingerprints are all over some of the worst attacks on critical infrastructure to date. The Triton malware attack in 2017 on a Saudi petrochemical plant saw hackers take over the plant’s safety instrument system, which could have led to a loss of life.(1) Russian hackers have for years been breaking into U.S. power utilities to probe for weaknesses and planting malware that could give them control of part of an electrical grid or a water-treatment facility.
U.S. intelligence has been largely right in predicting Russia’s next moves since invading, so there’s good reason to take Biden’s warning seriously. Anne Neuberger, the deputy national security advisor for cyber and emerging technology, said on Monday that U.S. intelligence had observed “preparatory activity,” and that federal agencies last week had convened more than 100 companies to “share new cybersecurity threat intelligence.”
She added that there was “no certainty there will be a cyber incident on critical infrastructure,” and that Biden’s warning was a call to action.
Cyber attacks have a psychological impact, hurting morale as much as actual infrastructure. They create the illusion that a shadowy group is in control and, worse, could be hiding in wait to cause even more damage. Putin, a former KGB officer who is well-versed in psychological warfare, may have been letting his missiles create the first wave of collective unease for both Ukrainians and the West.
Fortunately, there are basic things that organizations and individuals can do to mitigate potential threats. Companies can invest in running incident response simulations, disabling remote access for employees where it’s not critical and patching vulnerabilities they already know about. European banks operating in Russia have taken a more blunt approach by simply separating their Russian units from their main computer systems. Commerzbank AG, for instance, has designed a “kill switch” to make that separation possible, Bloomberg News reported earlier this month. Individuals should start using two-factor authentication, if they don’t already, to log into email and social media when possible.
The prospect of an attack on the horizon can create a sense of powerlessness at organizations, but there is much they can do to limit how bad the damage gets.
(1) According to the U.S. Treasury Department, the Triton malware attack was supported by the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), a Russian government-controlled research institution that is responsible for building customized tools that enabled the attack.
Parmy Olson is a Bloomberg Opinion columnist covering technology. She previously reported for the Wall Street Journal and Forbes and is the author of ‘We Are Anonymous.’