DHS bulletin warns of Russian cyberattacks in retaliation if US responds to Ukraine invasion

As the big “will they or won’t they” continues to dominate the headlines, the Department of Homeland Security (DHS) has issued a bulletin to law enforcement warning that Russian cyberattacks on the United States are possible if Ukraine is invaded.

DHS specifically warns that these attacks could occur in response to US or NATO actions if Russia were to physically invade Ukraine, and if Russia believes these actions threaten its “long-term national security.”

Russian cyberattacks on the United States are a possibility in an extreme scenario

The whole premise rests on Russia first invading Ukraine with its troops, which is far from certain despite increasingly impassioned rhetoric from elements in the United States who appear to be seeking a fight.

But if there were to be an invasion, and if Russia didn’t like the US or NATO response, DHS is assessing the possibility of Russian cyberattacks on US territory. The agency says that even in the event of some sort of direct conflict, Russia’s threshold for carrying out “disruptive or destructive cyberattacks” on targets in the United States remains “likely very high”.

The DHS is nonetheless calling for a “heightened state of alert”, citing the range of possible Russian cyberattacks (from low-level denial-of-service attacks to potential disruptions to critical infrastructure). State-backed Russian hacking teams are believed to have had access to aspects of the national power grid for years, and concerns over critical infrastructure have been heightened dramatically with the attack on Colonial Pipeline by a Russia-based criminal gang last year.

The back and forth between the United States and Russia had reached the point where the United States and NATO had sent weapons systems to Ukraine just before the DHS warning. Estonia, Lithuania and Latvia have received NATO permission to send Javelin anti-tank weapons and Stinger air defense systems to Ukraine, and the UK is additionally supplying light anti-tank weapons. This equipment is sourced from US arms manufacturers and requires US government authorization to be sold or moved. The US government is also directly supplying Ukraine with five Mi-17 transport helicopters that were to be deployed to Afghanistan prior to the withdrawal.

There has yet to be an attack on critical infrastructure or US utilities by hackers linked to the Russian government, although these groups are believed to have penetrated and explored electrical systems on several occasions. The attack on Colonial Pipeline provided a taste of what might be possible, however, as fuel deliveries to several states were halted for nearly a week. Russian government-backed cyber activities in the United States have so far been limited to espionage, such as the brazen attack on SolarWinds in 2020.

Tim Erlin, vice president of strategy at Tripwire, wondered exactly what the average organization is supposed to do in response to a warning like this: “The cybersecurity industry has grown accustomed to waving the idea of “nation-state” adversaries, but I think we have yet to see cyberattacks used in concert with a full-fledged military campaign. The DHS warning indicates that something is expected to have changed in the threat profile, and that organizations should be prepared for a change in the types of attacks they see… It is entirely valid for organizations to ask themselves what they are supposed to do differently in the face of this type of alert. Cybersecurity already calls for constant defense, and an alert like this doesn’t magically remove the obstacles that prevent organizations from implementing strong security controls. For most businesses, a DHS alert simply doesn’t create a budget or add people to their staff.”

Could the wave of cyberattacks in Ukraine spread?

Russian cyberattacks are not uncommon in Ukraine, dating back to the outbreak of tensions between the nations in 2014. However, the current Russian cybercampaign so far has been limited to a series of defacements of national and local government websites, which seemed to threaten the mass doxxing of the country’s citizens. Russia has blamed the attack on a Ukrainian separatist group.

Mandiant, a leading cybersecurity firm, also weighed in in a report released Jan. 20. The report concluded that Russian cyberattacks would not remain limited to Ukraine or the public sector if the situation continued to deteriorate.

In addition to advising heightened vigilance for Russian cyberattacks, the US government has placed 8,500 troops on heightened alert for deployment in the region. President Biden also recently deployed the Harry S Truman aircraft carrier to the Mediterranean under NATO control, the first time such a decision has been made since the end of the Cold War.

It is unclear exactly what Russia would do to the United States in retaliation, or even what the exact sequence of events should be to trigger such an escalation. A 2018 report revealed the extent to which Russian threat groups have penetrated U.S. public services since 2016, finding that they had made their way into “several organizations in the energy, nuclear, industrial, water, aviation, construction and critical manufacturing sectors”. The United States reportedly did the same ahead of Russia’s 2018 midterm elections, as a form of warning that the country was ready to “hack” in response. However, Russia has already closed power plants in other countries, including several times in Ukraine since 2016. Even so, the attacks are always covered in at least a thin enough layer of plausible deniability that it is not entirely obvious that the Russian hacking teams did it.

Sam Curry, CSO of Cybereason, points out that this phenomenon could also work in the same way but in the other direction: “The recent disruptions in rail service in Belarus mean that the situation in Ukraine is heating up. It wouldn’t surprise me if Belarus or Russia accused the hacktivists of treason or being US or Ukrainian supporters or countries accusing the group of being a cover for western intelligence groups… seeing cyber being used in this way to disrupt troop movement, to bring about political change and specifically targeting Russia is new. How this plays out will affect how history views this as a successful Russian invasion could include a cyber warfare component as most nations routinely check its cyber resilience today. If an invasion does not materialize, cyberpolitics or even fashionable cyberterrorism allegations could surface. What matters most is what happens next.”