WASHINGTON — Russia may turn to increasingly brazen cyberattacks as its military is stymied by Ukrainian forces, according to a senior U.S. cybersecurity official.
While a feared wave of cyberattacks against U.S. networks and critical infrastructure at the onset of Russia’s invasion of Ukraine failed to materialize, a protracted conflict could motivate Moscow to act more aggressively in cyberspace, Neal Higgins, deputy national cyber director for national cybersecurity, said June 14.
“A slow military progress continues to thwart the Russians on the ground in Ukraine. They may increasingly consider cyber options to divide our allies and to dilute international resolve against its action,” Higgins said at an event hosted by Defense One. “We have not seen that yet, but we’re not out of the woods. We have to keep our shields up, we can’t let our guard down.”
President Joe Biden warned in March that evolving intelligence showed Russia planned potential stateside cyberattacks. He said the magnitude of Russia’s cyber capabilities “is fairly consequential, and it’s coming.”
Military leaders, lawmakers and analysts in the early days of Russia’s offensive also warned of dangerous cyber spillover.
“The Russians have a history of using poorly controlled, damaging attacks that can spread beyond their intended targets,” Higgins said. “That’s what happened, most famously, in 2017 with the NotPetya attack, which was focused on Ukraine but caused billions of dollars of damage around the world.”
Russia peppered Ukraine with cyberattacks in the lead up to its invasion this year and continues to assault digital systems. The U.S., Canada and European powers in May blamed the Kremlin for a February cyberattack on Viasat that disrupted internet service for tens of thousands of people, including those in Central Europe.
“The last 24 months have seen an unprecedented surge in high-profile cyber events, from SolarWinds beginning in late 2020, through Kaseya, Colonial Pipeline, JBS Foods, and now the use of cyberattacks in connection with the ongoing Russian invasion of Ukraine,” Higgins said.
Viasat in March told C4ISRNET the hack had no effect on U.S. government customers and did not jeopardize their data. Its core network infrastructure and gateways were also not compromised.
Russia has historically denied wrongdoing.
In response to the growing threat, the U.S. government urged the private sector and others to step up their cybersecurity practices and keep an eye out for irregularities. The Cybersecurity and Infrastructure Security Agency issued a so-called Shields Up notice, warning that Russian belligerence “could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland.”
Higgins on Tuesday said the U.S. is better prepared for cyberattacks now.
“One of the key activities that you’ve seen since the threat of the Russian invasion of Ukraine really began to metastasize in late 2021 was greater collaboration between the government and the private sector, including through the Joint Cyber Defense Collaborative, the JCDC, run by CISA,” he said. “But a lot of work has occurred less visibly to try to make sure that we are as well defended as we can be.”
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its NNSA — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.