US, NATO Discuss Ukrainian Cyber Aid Amid TensionsWestern Nations Prepare for Potential Russian Cybersecurity Offensive
As tensions continue to flare between Ukraine and Russia, which has amassed at least 100,000 troops along Ukraine's eastern border, the U.S. continues to mull intervention, a part of which includes bolstering Ukraine's cyber defenses. This comes as experts warn that cyberwarfare could play an increasingly significant role in any direct offensive.
See Also: Healthcare Sector Threat Brief
The U.S. Department of Homeland Security on Sunday reportedly issued an Intelligence and Analysis bulletin to law enforcement agencies around the country, warning that the Russian government or its proxies could initiate a cyberattack on the U.S. if provoked, according to ABC News, which viewed the bulletin (see: Report: DHS Fears Russian Cyberattack If US Acts on Ukraine).
It reportedly said that U.S. or NATO intervention on a possible invasion of Ukraine could prompt the Kremlin to employ a "range of offensive cyber tools" - ranging from "low-level denial-of-service attacks" or a "destructive" campaign against critical infrastructure.
Despite warnings from U.S. President Joe Biden to the Kremlin, Russian President Vladimir Putin has remained steadfast on preventing Ukraine's NATO entry - and he has sought a NATO troop removal from Eastern Europe, terms that prompted international condemnation. Foreign policy experts contend that Russia views Ukraine - a former Soviet state - as part of its sphere of influence, and it annexed the Crimean Peninsula in southern Ukraine in 2014.
Earlier this month, multiple Ukrainian websites were defaced with dire warnings, and affected government sites were pulled offline for restoration.
These developments follow a problematic year for cybercrime in 2021, which saw a surge in ransomware attacks conducted by Russian or affiliated actors - including attacks on Colonial Pipeline and the meat supplier JBS. Suspected Russian actors linked to APT29, aka Nobelium, were also behind the late 2020 SolarWinds software supply chain attack, which affected approximately 100 organizations globally and nine U.S. federal agencies.
'The Future May Be Now'
On Tuesday, Matthew Olney, director of Talos threat intelligence and interdiction at Cisco, took to Twitter to write: "I hear some CI respond [to DHS' warning], 'So what, we've always faced attacks from Russia.' At its core that response shows a misunderstanding of what has and is happening."
In subsequent tweets, Olney said: "What CISA is trying to tell you is that the future may be now [following repeated espionage campaigns]. If Russia is sufficiently unsatisfied with the West's response to an invasion in Ukraine, they will look for opportunities to apply pressure on the administration."
Olney added: "You can also expect a continuation of disinformation and misleading activity. … In the end, the intent isn't to harm the long-term capability of the U.S. to supply the needs of its citizens, but to damage the immediate political ability of the administration to interfere in Russian affairs."
Olney suggested that Russian actors will "do that in a targeted, painful way… They aren't going to come straight at you. They have perfected the supply chain attack and the abuse of your trust in your partners. … And that is what CISA is trying to tell you."
CISA Director Jen Easterly approved of the comments and pointed to Olney's remarks on Twitter.
"The question is: Will Russia think it's worthwhile to cross the use-of-force threshold?" asks James A. Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies, a Washington, D.C.-based think tank.
Lewis tells ISMG that it would be a "bold move to use the cyber equivalent of force" against Western nations regarding the Ukrainian situation. "I don't think they will," he says.
Lewis, who calls the Russians particularly "shrewd," says if any actions are taken by its government, they will be "quick and surgical" in nature. "They have the capabilities; we don't have the [proper] defenses," he says, adding that NATO actions will likely determine Russia's next steps.
Speaking at an event on Tuesday, NATO Deputy Secretary General Mircea Geoană confirmed that NATO continues to work with Ukraine to increase its cyber defenses and "will continue to do so at pace."
Geoană added: "The use of hybrid attacks against Ukraine, including cyberattacks and disinformation, as well as the massing of advanced weapons on its borders, underlines the key role of advanced technology in modern warfare.
"China and Russia are investing heavily and deploying new technologies with little regard for human rights or international law, aggressively challenging our technological edge. [So] we are strengthening our cyber defenses and increasing the resilience of our critical infrastructure and supply chains to reduce our vulnerabilities."
Senators Discuss Sanctions
Amid calls for de-escalation and as Russia continues to post its troops along the Ukrainian border, eight U.S. senators reportedly met Monday to discuss potential Russian sanctions they could issue upon invasion, according to Politico.
The preliminary talks took place between four Democrats and four Republicans, including Senate Foreign Relations Committee Chair Bob Menendez, D-N.J., who has called for harsh financial penalties for Russia if it chooses to use force. According to the same report, the senators also discussed cyber components - and enhancing Ukraine's IT security capabilities.
Spokespersons for both Menendez and the Senate Foreign Relations Committee did not immediately respond to ISMG's request for additional details.
Other cybersecurity experts, however, say cyber aid to Ukraine makes sense, given recent commitments, and that the collective cyber prowess of Western allies could match Putin's aggression.
"Last year, the State Department pledged to double cyber-related aid to Ukraine, so in light of escalating tensions with Russia, additional cyber support makes sense - given resistance in some circles to send U.S. troops directly into harm's way," says Rosa Smothers, a former CIA threat analyst and technical intelligence officer.
Smothers, who is currently the senior vice president of cyber operations at the firm KnowBe4, tells ISMG: "If a military cyber offensive along these lines were deployed here in the U.S. by the Russians, then this would certainly solidify the public's political will to further support Ukraine, via both cyber and kinetic means. Russia is no match for the U.S. and our Five Eyes partners. Putin and his partners must take that into consideration before launching an outright cyber offensive."
Canada Reports Cyberattack
This week, Global Affairs Canada, which manages the nation's diplomatic and consular relations, international trade and humanitarian assistance, reported a cyberattack that officials fear was carried out by Russia or its proxies, according to the Canadian outlet Global News.
A national security source told the same publication that "it is not clear if the Russians, the alleged perpetrators, hacked into the system or were able to merely disrupt its service."
The Canadian government has been a supporter of Ukraine amid its conflict with Russia. The same report points out that Canada recently promised $120 million for the Ukrainian government and committed to train Kyiv's security forces.
As of Monday, the report notes, Canadian officials were still working to mitigate the disruption, first detected Jan. 19 - with internet-based services still affected. Officials did not provide additional technical details.
Prime Minister Justin Trudeau reportedly told reporters that the cabinet will continue to discuss assisting Ukraine, saying the situation "matters deeply to us."
[Update: Jan. 25, 5 p.m.] - The Biden White House on Tuesday also discussed potentially severe sanctions it is considering if Russia invades Ukraine. A senior administration official said, "You’ve no doubt heard us talk about how the United States, alongside allies and partners, continues to prepare a range of severe economic measures to impose on Russia if it further invades Ukraine. And, to repeat, we are prepared to implement sanctions with massive consequences that were not considered in 2014. That means the gradualism of the past is out, and this time we’ll start at the top of the escalation ladder and stay there."
In addition to financial sanctions, the official told reporters that the Biden administration is prepared to issue export controls on American-made technologies, including AI-enabling software. The official said the actions would "impair areas that are of importance to [Putin], whether it’s in AI or quantum computing or defense or aerospace or other key sectors."