ForeignPolicy.com

Russia is preparing disruptive cyberattacks that could target U.S. energy and financial industries to cause further pain to the Biden administration, in retaliation for heavy sanctions against the Kremlin for its invasion of Ukraine, several people familiar with the matter told Foreign Policy.

The FBI warned five U.S. energy companies in mid-March that computers using Russian internet addresses had been scanning their networks, in a possible prelude to bigger cyberattacks. Top U.S. cybersecurity officials have warned that Russia is looking to conduct disruptive or destructive digital attacks, as opposed to conducting routine espionage.

The Russian handiwork could provide a means for poking the United States and other NATO countries for their support of Ukraine without provoking a wider conflict. Unlike the tit-for-tat ladder of escalation that U.S. military doctrine applies to a possible nuclear conflict with Russia or China, American officials over the last three administrations have struggled to draw clear rules of the road for cyberattacks. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said last week that every U.S. sector is likely vulnerable to digital strikes.

Russia, which seems to have little defense for American- and European-delivered anti-tank and anti-aircraft missiles on the Ukrainian battlefield, doesn’t have to hit the biggest American target to have an impact, experts said, but can bloody the nose of U.S. companies in digital attacks that fall below the threshold of demanding a response from President Joe Biden and his team.

‘The goal is to inflict pain in a way that they can walk back from,’ said Nick Biasini, the head of outreach at Cisco Talos, the cybersecurity company’s threat intelligence arm. ‘They’re going to be going after where they can inflict damage, where they can actually cause pain.’

Dave Lewis, a Cisco global advisory chief information security officer, took it one step further. ‘Back in the early days of the internet, the attackers would try to get their defacement up and that was their whole modus operandi,’ he said. ‘Now it’s just a matter of whose IP [address] is coming up next. They’re going to cast a wide net and see what they can hit.’

Most companies have spent years preparing for a range of scenarios that Russia could roll out, including denial-of-service attacks to shut down networks by flooding them with traffic, defacement of government and corporate websites, or ransomware attacks that seize and lock down servers until their operators cough up cash, like the 2021 attack that knocked out the Colonial Pipeline in the southeastern United States for nearly a week.

But experts believe that Russia doesn’t have to use digital attacks that harm physical infrastructure in the United States and elsewhere to cause problems. Biasini said that Russia had learned from the Colonial Pipeline attack that it could cause chaos by simply hacking into the enterprise software that underlies energy companies, instead of undertaking more destructive and sophisticated cyberattacks that render equipment inoperable.

There are also public signals that Russian hackers could put U.S. energy companies in the crosshairs. The U.S. warnings come as pro-Kremlin propaganda channels and news outlets have ridiculed the Biden administration’s assertion that Russian President Vladimir Putin is responsible for higher global gas prices because of the wider invasion of Ukraine.

Both the United States and the United Kingdom have barred imports of Russian oil and natural gas, and major European states such as Germany—which already shelved the Nord Stream 2 pipeline project over the invasion—have promised to begin the arduous process of weaning themselves off of Russian energy, which accounts for more than 40 percent of European gas imports.

‘It’s kind of paradoxical,’ said Gavin Wilde, a nonresident fellow at Defense Priorities and an expert on Russia and information warfare who previously served as a director for Russia, Baltic, and Caucasus affairs on the U.S. National Security Council. ‘The more isolated Russia is on the global stage, the fewer constraints it may feel to act in cyberspace.’

Experts said that the higher energy prices go, the more difficult it will become for the United States to keep antsy European capitals in line with crushing sanctions against the Russians. ‘Now, I think, would be a good time from the Russian standpoint to do it, given that they’re sort of getting into a standstill on the ground in Ukraine,’ said Dmitri Alperovitch, a cybersecurity expert at the Silverado Policy Accelerator. ‘They can refocus their attention on the West and try to divide the Europeans from the U.S. on these sanctions moves.’

But even though American energy and financial companies have been girding themselves for a range of possible Russian cyberscenarios, the Kremlin’s well-honed capability and determination to render U.S. networks inoperable could make it a formidable adversary, even for the best-defended firms. ‘If the Russians focus their efforts on a target and they want to compromise that target and destroy it, they’ll be able to do so,’ Alperovitch said.

These aren’t garden-variety smash-and-grab cybercrime attacks that U.S. officials and experts are expecting from Russia this time. Russia tends to blur the line between criminal gangs and government-backed hackers, experts said, making it difficult to determine exactly what the Kremlin will order. ‘You’re dealing with an adversary that’s in a very difficult mindset and one that’s shifting all the time,’ said Biasini, the Cisco expert. ‘So it’s something that may be on the table today but might be off the table tomorrow and vice versa.’ In the past, Russia has also drawn on privateers and activists motivated by financial gains.

Domestically, the Russian government has been systematically tightening its grip on its own cybersphere, too—especially over the past few years—in pursuit of a grand strategy to cement into law the Kremlin’s total control over the internet. Since 2019, when Putin introduced a set of amendments granting the Kremlin the power to interfere with the dissemination of information online, Russians have been engaging with an increasingly engineered, censored internet. A flurry of laws passed since then have only put more pressure on tech companies to comply or face fines and other kinds of punishment.

For example, the Russian government throttled—intentionally slowed down—Twitter when the social media company refused to remove posts showing minors at protests during a surge in support for Alexei Navalny, the imprisoned Russian opposition leader, when he experienced a sharp deterioration in health in March 2021. The Kremlin had labeled sensitive content involving minors and sensitive issues, such as drug abuse and suicide, as prohibited, using it as leverage to cover up the scope of dissent, explained Grant Baker, a technology and democracy researcher at the U.S.-based nonprofit Freedom House.

During the monthlong war in Ukraine, Russian hackers have mostly tried to grab as many footholds as they can in Ukrainian networks to steal information, gain remote access, and use malicious so-called wiper software to destroy valuable files, Lewis and Biasini, the Cisco experts, told Foreign Policy. Biasini said Cisco and other U.S. companies are working with Ukraine to kill significant numbers of remote access Trojans that are used to gain remote control of computer systems.

But just as U.S. officials believe that Russian troops have run into stiffer-than-expected resistance from Ukrainian troops on the physical battlefield, Kyiv has also proved more resilient in cyberspace than the Kremlin anticipated, U.S. officials and experts said. Speaking during a Senate hearing on Tuesday, Gen. Tod Wolters, the head of U.S. European Command and NATO’s supreme allied commander, told lawmakers that Ukraine’s command of its military forces remained in place, while Russia is facing difficulties getting military orders to its units due to problems with its communications equipment, as well as disciplinary infractions in the ranks. Wolters added that he believed the United States and NATO had ‘dramatically’ improved their offensive and defensive cybertactics and ability to control the information environment over the course of the Ukraine conflict.

‘The internet’s a live-fire environment,’ said Lewis, the Cisco cybersecurity expert. ‘They’re just one more adversary in an absolute rogue’s gallery that is out there.’
