WASHINGTON – A new Department of Homeland Security bulletin warns that Russia could launch a cyberattack against U.S. targets on American soil if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security.
DHS blasted out the memo Sunday to U.S. critical infrastructure operators and state and local governments around the country, warning that “Russia maintains a range of offensive cyber tools that it could employ against U.S. networks” that make everything from planes to hospitals to dams and bridges operate.
Separately, a well-respected private cybersecurity firm leader warns that while “cyber espionage is already a regular facet of global activity, as the situation deteriorates, we are likely to see more aggressive information operations and disruptive cyberattacks within and outside of Ukraine.”
Ukraine:Pentagon puts 8,500 troops on alert as Biden consults with European allies on Ukraine: What we know
“The crisis in Ukraine has already proven to be a catalyst for additional aggressive cyber activity that will likely increase as the situation deteriorates,” wrote John Hultquist, vice president of threat intelligence for Mandiant, a cybersecurity firm that provides services to private enterprises, governments and law enforcement agencies worldwide.
“At Mandiant, we have been anticipating this activity, and we are concerned that, unlike the recent defacements and destructive attacks, future activity will not be restricted to Ukrainian targets or the public sector," Hultquist wrote in his Jan. 20 online report.
Paul Rosenzweig, a former senior Homeland Security official, said the DHS Intelligence and Analysis bulletin underscores how even U.S. efforts to help avert a potential military conflict thousands of miles away has the potential to cause real harm to Americans here at home.
“In a globally connected world, conflicts are no longer geographically isolated. As DHS is warning, Russia may respond to U.S. actions in support of Ukraine by using offensive cyber tools against U.S. networks,” Rosenzweig told USA TODAY. “We have seen how vulnerable American systems are – think of the criminals who disrupted gas pipelines and meat packing last year. Now imagine that an angry Russia decides to take it to the next level – wastewater treatment; agriculture; transportation are all potential targets.”
Pentagon puts 8,500 troops on alert as Biden consults with European allies on Ukraine: What we know
If Russia were to launch such a cyberattack against U.S. targets, Washington would likely retaliate with defense or even offensive cyberweapons of its own. And that could trigger a potentially dangerous escalation that could threaten to draw the United States directly into the conflict between Russia and its neighbor Ukraine.
“That’s why the Russian attack on Ukraine is so dangerous,” Rosenzweig said. “It seems quite possible that the conflict will spin out of control – both on the ground and in the cyber universe.”
In its memo, DHS said Russian government cyber actors have spent years targeting and gaining access to critical infrastructure in the United States. In one particularly alarming campaign, Russian hackers have compromised U.S. energy networks since at least 2016, conducted network reconnaissance and collected the kind of information needed to gain control of those systems if they wanted to, it said.
More:Dam releases, bank failures and poisoned water: Cyber pros warn worst cases are possible
"Separately, Russian state-sponsored cyber actors have successfully compromised routers, globally, and U.S. state and local government networks, according to a CISA alert and a joint US-UK report," the new DHS memo said.
Despite those capabilities, the DHS memo said U.S. intelligence officials believe that Russia's threshold for conducting disruptive or destructive cyber attacks in the homeland "probably remains very high," in part because Moscow hasn't engaged in such confrontational behavior in the past.
In a statement issued late Monday, a Department of Homeland Security official declined to elaborate on the intelligence bulletin, but said that DHS regularly shares threat information with federal, state, local, tribal, and territorial officials and the private sector to help ensure their safety and security.
"We have increased operational partnerships between private sector companies and the federal government to strengthen our nation’s cyber defenses, including through CISA’s newly established Joint Cyber Defense Collaborative," or JCDC, the official said, speaking on the condition of anonymity to discuss operational details.
"The JCDC brings these partners together to help us understand the full threat landscape and enable real-time collaboration to empower our private sector partners to gain information and take action against the most significant threats to the nation.”
The DHS bulletin is just the latest indication that the U.S. government is worried about Russian cyberattacks, even as Washington says it's ready to deploy military and intelligence assets to the region in anticipation of a Kremlin military incursion.
A joint Cybersecurity Advisory – authored by CISA, the FBI and the National Security Agency – was sent out nationwide on Jan. 11 in an effort to prepare state, local and private sector officials of Russian cyberattack capabilities, including “commonly observed tactics, techniques, and procedures.” It also included detailed instructions on how potential victims could response to such cyberattacks and reduce their exposure.
And a month earlier, on Dec. 15, the Homeland Security cyber agency sent out another report with the ominous title, “Preparing For and Mitigating Potential Cyber Threats” that warned of sophisticated threat actors, including nation-states like Russia and their proxies, that have proven their ability to compromise U.S. networks and develop “long-term persistence mechanisms” that can lurk in their systems even after the most intensive efforts to root them out.
More:The next big cyberthreat isn't ransomware. It's killware. And it's just as bad as it sounds.
Officials warn that efforts to stop such cyberattacks on U.S. targets are virtually impossible, given their sophistication – and the relatively lax security protocols that most U.S. companies use. Many, if not most, elements of U.S. critical infrastructure are also vulnerable, and have been victimized by Russian cybercriminals in recent years.
There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on U.S. security, including the economic well-being and health and safety of Americans.
Last year, Russia-based cybercriminals were behind two of the most destructive cyberattacks in recent history, including a ransomware attack that caused the operators of the massive Colonial Pipeline to shut down in May 2021, leading to widespread gas shortages. Soon after, hackers linked to Russia targeted the meat supplier JBS. In both cases, the companies paid millions of dollars in ransom in order to get their systems up and running again.
Russia was also responsible for one of the most devastating hacks involving U.S. government agencies in late 2020. Known as the SolarWinds breach, U.S. officials say Russian-backed cybercriminals gained access to 10 U.S. government agencies including DHS and the Department of Commerce.
And Russian military intelligence assets have launched devastating cyberattacks against Ukraine's power grid for years, succeeding in shutting down elements of it and knocking out power to millions of people. In recent months, Ukrainian officials have accused Moscow of being responsible for another cyber outage afflicting many government websites.
Source link