White House warns of possible Russian cyberattack
A month into the Russian invasion of Ukraine, one notable aspect of Russian military power has been largely absent from the conflict: its capabilities in cyberspace. Despite widespread expectations that Russia would use the invasion of Ukraine to carry out cyberattacks as part of a broader military operation, this mostly hasn’t come to pass.
That may be about to change. This week, Biden administration officials warned that they have reason to believe Russia may be about to launch cyberattacks against U.S. critical infrastructure. “The more Putin’s back is against the wall, the greater the severity of the tactics he may employ,” President Joe Biden said. “One of the tools he’s most likely to use in my view, in our view, is cyberattacks.” In a statement on Monday, Biden urged critical infrastructure operators to harden their defenses in preparation for a possible Russian attack.
The warnings from the White House are based on what Anne Neuberger, Biden’s top cybersecurity adviser, called “evolving threat intelligence, that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States.” According to Neuberger, the U.S. government has no evidence of a specific attack but has observed “preparatory activity” that may be the prelude to a cyberattack on U.S. interests.
Over the past two weeks, U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency and the Transportation Security Administration, have carried out briefings for private-sector partners in a bid to improve awareness of the possible threat. Following Russia's invasion of Ukraine, the Department of Homeland Security has urged U.S. businesses to assume a “shields up” posture, increasing their cybersecurity vigilance in anticipation of Russian action.
It’s important to note that in the realm of cyberwarfare, much of the action takes place far from public view. Breaches of digital systems may be taking place on a far greater scale than we are aware, and it may be only after the conflict—if ever—that they come into view. In the cyber domain, we don’t know what we don’t know, and what we don’t know may be most consequential of all. On the other hand, Russian forces have struggled to carry out combined arms operations that integrate air and land power to carry out coordinated attacks. Given these struggles to carry out combined operations, it should perhaps be no surprise that Russian armed forces may be struggling to integrate cyber operations into what was clearly an unrealistic plan of military operations to begin with.
Intelligence strategy. In the run-up to and aftermath of the Russian invasion of Ukraine, Washington has adopted a policy of broadly disclosing intelligence about anticipated Russian actions, and this week’s warnings can be seen in line with earlier disclosures about Russian military activity. As with earlier disclosures, the Biden administration runs the risk of harming its credibility if its warnings do not come true. But so far, U.S. intelligence agencies have proven remarkably successful in correctly predicting Russian moves—a track record that may grant the Biden administration greater leeway in continuing to make disclosures in a bid to head off Russian action.
Warnings about a possible Russian cyberattack against U.S. infrastructure raise questions about the strategic value of such attacks. Following the invasion, the United States and its allies have implemented a crippling sanctions package against Russia and funneled weapons and supplies into Ukraine to aid a defensive military effort that so far has fought Russian armed forces to a stalemate. The Kremlin has few ways to retaliate against these measures, and a cyberattack against U.S. infrastructure might be one of the few ways for the Kremlin to impose some costs on the United States for its support of the Ukrainian war effort.
A Russian cyberattack on U.S. infrastructure—especially if it causes disruption in the lives of ordinary Americans—carries major escalation risks. The Biden administration has so far resisted engaging militarily in the conflict, but a destructive Russian cyberattack might grow support in the United States, at least among hawkish voices in Washington, for greater military involvement. Such an attack may also strengthen resolve in Washington to continue to support Ukrainian operations. Both these consequences raise questions about what strategic value the Kremlin could see in a cyberattack on U.S. infrastructure.
The cyber landscape. While analysts have been disappointed by the scale of Russian cyberoperations, the conflict in Ukraine has been far from devoid of digital breaches. As Russian armed forces launched their invasion on Feb. 24, a high-speed satellite internet provider saw its service in Europe disrupted due to a cyberattack, resulting in what appears to have been a major communication loss for Ukrainian security services just as Russian forces rolled in. Western intelligence agencies are investigating this breach, but no culprit has been identified. If pinned on Russian state-backed hackers, this event would likely qualify as a notable use of a cyberattack as part of an integrated military operation—and may cause analysts to recalibrate their assessments that Russian cyber forces have largely stayed on the sidelines for the invasion of Ukraine. Elsewhere, Belarusian hackers were observed targeting Ukrainian officials and trying to obtain their digital credentials. In the run-up to the invasion, distributed denial of service attacks resulted in service outages for some Ukrainian banks. Cybercriminal groups loyal to Russia have threatened attacks.
On the other side of the conflict, Ukrainian officials have described their work in the cyber domain as mostly defensive, but Ukrainian volunteers and proxy groups appear to be carrying out cyberattacks against Russian targets. Ukraine’s so-called “IT Army” consists of perhaps as many as 400,000 hackers carrying out attacks against Russian targets, with the encouragement of some within the Ukrainian government. But the actual impact of these attacks so far appears to be fairly minor. That said, earlier this month, a Ukrainian newspaper published a list containing what was claimed to be the personal details of 120,000 Russian servicemembers, a database that, if verified, would likely dent morale among Russian armed forces. Who was behind that leak remains unclear.
In short, the contours of the cyber conflict in Ukraine are difficult to discern. Both sides are employing cyber tools to some extent, and Russia likely still has escalatory tools at its disposal. As the conflict drags out, cyberconflict may take on greater prominence, with the Kremlin seeking ways to punish U.S. support for Ukraine. The consequences of that new phase of the conflict are difficult to predict.
– Elias Groll (@EliasGroll)