US officials put Americans on alert for Russian cyberattacks as Ukraine war grows

U.S. officials are highly concerned about the impact on American cyber networks as the war in Ukraine enters its third week and Russian President Vladimir Putin grows more isolated.

“While there are not any specific, credible, cyber threats to the U.S., we encourage all organizations – regardless of size – to take steps now to improve their cybersecurity and safeguard their critical assets,” the federal Cybersecurity & Infrastructure Security Agency told USA TODAY in a statement Tuesday.

The Biden administration sought $10 billion last week in emergency funding from Congress in defense aid, including to support Ukraine’s cyber defenses, as well as $28 million to bolster the FBI’s “investigative and operational response to cyber threats stemming from the Russia threat and war on Ukraine,” according to the supplemental funding request.

U.S. intelligence officials told Congress in an annual threat assessment Tuesday that Russia's cyber operations attack those the Russian government sees as working to undermine its interests or threaten its stability.

"Russia views cyber disruptions as a foreign policy lever to shape other countries' decisions, as well as a deterrence and military tool," said the report, which noted that Russia is focused on targeting critical U.S. infrastructure.

U.S. officials said the most likely short-term impact would be spillover of any Russian cyberattack against Ukraine. Because cyber networks are connected, attacks can easily spread to other nations.

In 2017, Russian “NotPetya” ransomware attacks against Ukraine took down the world’s largest container shipping company, banks, power plants and more, costing about $10 billion in global damage.

Because there are no generally accepted international cyber warfare norms, it’s unclear whether a cyberattack against Ukraine that spread to a NATO ally, such as Poland or France, would trigger the alliance's Article 5, which states that an attack against one NATO nation is an attack against all.

Part of the concern for U.S. officials is that Putin likened sanctions against Russia to a "declaration of war" and implied a reciprocal response in other domains to actions by Western nations. It's unclear how Putin might respond to President Joe Biden's announcement Tuesday that the United States will ban all imports of Russian oil, gas and energy.

Although Russia might have the capabilities to disrupt Western finances, businesses expected the blowback to the Russian economy would be so great that Putin would never really do anything. But over the past two weeks, U.S. companies across nearly all economic sectors have effectively sanctioned themselves from operating in Russian markets.

"The more that Russia is cut off from the global finance sector, from the energy markets, from even the internet itself, it no longer has anything to fear from blowback," said Jason Healey, a former White House cyber protection director. "If we deal him out of the game, why not just flip the table?"

Security firms vow to protect US infrastructure from attacks

On Monday, three U.S. cybersecurity firms – Cloudflare, CrowdStrike Holdings and Ping Identity – announced they would join forces to provide free defense services to certain sectors of critical U.S. infrastructure, including hospitals and water and power utilities.

Many U.S. analysts had expected Putin to lean heavily on cyber as a tool in the war against Ukraine. Since 2014, Russia has engaged in repeated cyberattacks against Ukraine, even shutting off its electrical grid. Just as Russia's invasion of Ukraine has been criticized strategically, its cyber efforts have not matched what U.S. officials expected.

Unlike shooting a missile or rolling a tank into a village, cyber capabilities can take years to develop, and operations take time to map out. Because so many in the Russian government were unaware of Putin's plans until the invasion was imminent, it's possible Russian cyber teams were similarly caught unprepared and are still building out these operations, analysts said.

Sen. Mark Warner, D-Va., who co-chairs the Senate Cybersecurity Caucus, said that just because Russia has been "inept with their military doesn't mean they're inept in cyber" and not a threat.

“We don’t know whether Russia will use their really exquisite tools from their government (cyber) entities, their spy services, or whether they will simply say to all their ransomware criminals, ‘Have at it,’” Warner said, “because there's at least some level of deniability there.”

He said Americans need to understand that no matter how good the United States is at cyber protection, any well-trained attacker will eventually get through defenses. That's why it's important to be prepared and ensure systems are resilient with proper security protocols and for companies to share information with the government to prevent the same attack techniques from being utilized again and again.

Robert M. Lee, founder and CEO of industrial cybersecurity firm Dragos, said he worries that Biden's announcement blocking Russian oil imports may lead Putin to attack U.S. pipelines and liquefied natural gas sites. In 2014, after Western financial institutions sanctioned Russia over the Crimean invasion, Russian cybercriminals increasingly targeted the U.S. financial sector, as well as Western banks, including JPMorgan Chase.

A Russian flag flies next to the U.S. Embassy in Moscow. Cybersecurity professionals urge Americans to protect themselves from possible Russian cyberattacks.

On Monday, Sen. Kirsten Gillibrand, D-N.Y., said New Yorkers face an increased risk of cyberattacks from Russia in response to the sanctions imposed by financial institutions because New York is considered the economic engine and financial center of the United States.

A potential cyberattack by Russia “has a symbolic signaling mechanism built into it, ‘an eye for an eye,’” said John Hultquist, vice president of intelligence analysis for Virginia-based cybersecurity firm Mandiant.

Attacks could worsen global supply chain issues

U.S. intelligence agencies shared information back and forth with private industry partners, including the firm Dragos, and noted that Russian-based groups have been trying to target more U.S. infrastructure, especially organizations in gas, electric and manufacturing, Lee said.

The company has long investigated Russian cyberattacks on Ukraine, including against its power grid in 2015 and 2016. The attack in 2015 resulted in power outages for more than 225,000 people by hitting three regional electric power distribution companies within 30 minutes of each other.

In the USA, it's most likely Russia would make smaller disruptions and use its misinformation and influence operations to scare the American public, Lee said.

"You could have a power outage for an hour in a local town or something," Lee said. "But remember, we get through that kind of stuff all the time with hurricanes, tornadoes or anything else, so don't freak out. That's what they want you to do."

Manufacturing, in particular, could be a likely target of Russian cybercriminals who have long operated with the tacit approval of Putin, if not under direct order from the government.

Last May, a ransomware attack against Colonial Pipeline software that the United States attributed to Russian cybercriminals led to fuel shortages across the East and higher gas prices, as well as long lines of nervous motorists. Such targeting of the manufacturing industry could compound global supply chain issues during the pandemic, Lee said.

Further stress to manufacturing systems because of ransomware "could be disastrous," Lee said. "I could absolutely see shortages of food getting to grocery stores, it could be nearly impossible to get computers and laptops and telecommunications equipment in any kind of reasonable waiting period, massive increases in costs of goods or revenue at a time when we're experiencing record inflation."

Industrial environments – including manufacturing and refiners – have seen connectivity explode over the past few years, especially amid the pandemic, which simply ups the attack surface for Russian hackers, Lee said.

"There are more access points into the crucial parts of our critical infrastructure than ever before," Lee said. "You're dealing with environments that have less security investments than any other part of that company, and you're dealing with the fact that there's more access into them now than ever before."

This article originally appeared on USA TODAY: Ukraine war could mean Russian attacks on US cyber networks