US warily eyes another front in Ukraine-Russia conflict: Cyberspace
| Washington; and Kyiv, Ukraine
In a wooden-and-glass complex not far from the center of Kyiv, cybersecurity professionals from Ukraine’s private sector are teaming up with state experts to try to rebuff attacks by hackers with presumed Kremlin ties.
Serhiy Prokopenko, head of the Ukrainian National Cyber Security Coordination Center, says Russian-suspected cyberattacks have increased since October, becoming larger and more complex – and designed to undermine citizens’ confidence in the government.
Why We Wrote This
Known for its hacking prowess, Russia has never launched a cyberattack that utilizes its full range of capabilities. Unclear rules of engagement and the risk of unintentional escalation compound the threat.
What most worries Kyiv is a repeat of the 2017 NotPetya malware attack, which took the radiation monitoring system at Ukraine’s Chernobyl nuclear power plant offline. It also wreaked havoc on Ukraine’s banking and metro systems, and caused more than $10 billion in damages worldwide.
While Russia’s cyber prowess is well known, it has yet to deploy the full range of its capabilities. The potential for a serious attack on Ukrainian or even U.S. critical infrastructure casts an added degree of uncertainty over the current Ukraine-Russia standoff, especially with the potential for unintended escalation in the cyber realm.
“We’ve seen cyberattacks that have been one or two bugs,” says Democratic Sen. Mark Warner of Virginia, who chairs the Senate Intelligence Committee. “But we’ve never seen a first-tier nation-state with capabilities like Russia launching a full-on cyberattack.”
As U.S. and Ukrainian officials try to pin down Russia’s troop movements amid growing skepticism of President Vladimir Putin’s claims of a partial withdrawal, an even trickier front to monitor may be cyberspace.
Key Ukrainian websites, including those of the Defense Ministry, military, and two major banks, were disabled by a distributed denial of service (DDoS) attack on Tuesday. Some ATMs shut down briefly, and customers experienced difficulty logging in or checking their balances.
The Ukrainian Centre for Strategic Communications and Information Security said that the relatively unsophisticated attacks, which can sometimes be used as a smokescreen for more destructive activities, were three times greater in magnitude than any previous DDoS attacks on the country and cost millions of dollars.
Why We Wrote This
Known for its hacking prowess, Russia has never launched a cyberattack that utilizes its full range of capabilities. Unclear rules of engagement and the risk of unintentional escalation compound the threat.
“The key goal of the attack is to show the strength of foreign intelligence services and the weakness of the Ukrainian government and to sow panic and chaos in society," the Ukrainian Centre for Strategic Communications and Information Security posted on its Telegram account. Illya Vityuk, head of the Security Service of the Ukraine Cyber Security Department, said there was evidence that foreign special services were involved and added that the country currently interested in such blows to Ukraine’s image is Russia.
In Washington, members of Congress expressed concern about possible Russian cyberattacks not only on Ukraine but also on America’s critical infrastructure. On Monday, the FBI and Department of Homeland Security held a call with state officials, urging them to be on high alert, Yahoo News reported. Senators warned that such an attack would result in grave consequences for Moscow.
“If they were to hit our infrastructure, they know that we would view that as being a very, very serious act of aggression,” Sen. Mike Rounds of South Dakota, the top Republican on the Armed Services subcommittee on cybersecurity, told the Monitor. “If they get into certain parts of our infrastructure, it could be considered an act of war, which would bring holy hell down on Russia.”
In addition to meddling in the 2016 U.S. election, by exploiting partisan divides to pit citizens against each other and undermine faith in American democracy, Russia has also targeted U.S. infrastructure, including energy, nuclear, water, and aviation sectors. It compromised U.S. energy networks, enabling it to conduct reconnaissance for a possible future attack. But an actual attack that shut down such sectors would put both Russia and the United States in new territory.
One challenge is that the rules of engagement in the cyber realm are unclear, senators acknowledged. And there is a greater risk of unintentional escalation, given the speed of attacks and the difficulty in immediately determining the attacker’s identity and intent. While Russian hackers have wreaked havoc in Ukraine for years, they have yet to deploy their full range of capabilities, casting an added degree of uncertainty over the current standoff.
“We’ve seen cyberattacks that have been one or two bugs,” says Democratic Sen. Mark Warner of Virginia, who chairs the Senate Intelligence Committee. “But we’ve never seen a first-tier nation-state with capabilities like Russia launching a full-on cyberattack.”
Ukraine: “We are on the front line”
Over the past 15 years, Russia has been refining a 2.0 version of Soviet-era disruption techniques, enhanced by 21st-century technology. In each of its forays into former Soviet states, it has combined cyberattacks with on-the-ground interference – first in Estonia, then in Georgia, and most markedly in Ukraine since Russia annexed Crimea from it in 2014.
Russian military intelligence agents launched back-to-back attacks on Ukraine’s power grid over the next two years, according to a U.S. Department of Justice indictment. The U.S. also blamed the Russian military for the 2017 “NotPetya” malware attack, the world’s largest cyberattack to date, which targeted companies doing business with Ukraine and caused more than $10 billion in damages.
“We are on the front line,” says Serhiy Prokopenko, head of the Ukrainian National Cyber Security Coordination Center (NCSCC). “Lots of tactics and malware families that were tested here were then used in Western countries.”
In a wooden-and-glass complex not far from Kyiv’s center, players from the private sector meet with state cybersecurity experts in NCSCC offices to compare notes on how to rebuff attacks by hackers with presumed Kremlin ties.
Mr. Prokopenko says there has been an increase in Russian-suspected activity since October, with attacks becoming larger, more targeted, and more complex. January’s “Operation Bleeding Bear” left dozens of government websites offline or defaced. These cyber operations are an integral part of Russia’s hybrid war against Ukraine, designed to undermine confidence in the government.
“They want to make services unavailable for citizens – energy, transport, financial services, and public services – in order for people to change their mind about the government in Ukraine,” he says.
What most worries Kyiv – and Western companies active in Ukraine – is a repeat of NotPetya, which took the radiation-monitoring system at Ukraine’s Chernobyl nuclear power plant offline. It also hit Ukraine’s banking and metro systems.
While Ukraine is not a member of NATO, the shared goal of thwarting Russian cyberattacks has led to cooperation, including joint exercises planned in the next couple of months.
“We are trying to be more integrated in the NATO way of countering cyberthreats,” adds Mr. Prokopenko.
U.S. bracing for a possible retaliatory attack
Congress had been working on a sanctions package to deter any Russian military action, including a cyberattack. But that effort stalled Tuesday, with Senate Foreign Relations Committee Chairman Bob Menendez blaming top Republican Sen. Jim Risch of Idaho for introducing a new GOP draft after weeks of bipartisan talks. The delay allows Moscow to continue to benefit from a rise in oil prices, which have seen a 50% increase over the past year. Instead, a bipartisan group of senators issued a statement.
“Make no mistake: the United States Senate stands with the people of Ukraine and our NATO allies and partners most threatened by Russian aggression,” they said. “We are prepared to respond decisively to Russian efforts to undermine the security of the United States at home and abroad.”
But some are concerned that the U.S. has demonstrated more bark than bite when it comes to Russian cyberattacks.
Sen. Richard Blumenthal, who sits on the Armed Services cybersecurity subcommittee, points to a 2020 attack on SolarWinds software used by more than half a dozen U.S. government departments, which officials say was likely perpetrated by Russians. “Right now, they’re attacking with impunity,” the Democrat from Connecticut says. “Have we responded?”
Sen. Angus King of Maine, who co-chaired a cyber commission to develop a more unified U.S. cybersecurity strategy, says a lot has been done in the past year to bolster the nation’s defenses – including creating a new position of national cyber director. But a key recommendation from the commission has yet to be implemented: improving coordination between the government and private sector, which controls more than 80% of U.S. critical infrastructure.
Senator King, an independent who caucuses with Senate Democrats, says there’s “significant” concern that Russia could retaliate against U.S. support for Ukraine with a cyberattack. “Obviously no one wants to escalate this conflict. But if Russia chose to escalate it some way in response to whatever we did, then cyber would be one of the things they would choose.”
“It’s kind of like poison,” says Senator Risch, noting that Russia started with a cyberattack before interfering in Estonia, Georgia, and Crimea. “It’s [a weapon] in their quiver that they reach for and grab very easily.”
