Intel chiefs, lawmakers wait for other shoe to drop on Russian cyberattacks against Ukraine
U.S. intelligence leaders and House lawmakers on Tuesday signaled they remain on edge that Russia could unleash a digital salvo on the country, and its allies, as Moscow’s invasion of Ukraine escalates.
The various remarks — made during the public segment of the House Intelligence Committee’s annual worldwide threats hearing — are the latest acknowledgment that, while Russia has engaged in some malicious activities against Ukraine, the Kremlin has yet to fully deploy its legions of hackers and that what until now have been minor skirmishes could grown into full-scale, online conflict with ramifications for the rest the world.
“Offensive cyber operations present a significant risk to our homeland,” Intelligence Committee Chair Adam Schiff (D-Calif.) said in his opening statement. “As the crisis in Ukraine continues, we must be extremely watchful.”
The Biden administration last month attributed denial of service attacks on Ukrainian military and bank websites to Russia’s military intelligence agency, prompting officials to warn systems administrators in the public and private sectors to watch for suspicious activity that could disrupt their operations.
"Beyond its invasion of Ukraine, Moscow presents a serious cyber threat, a key space competitor and one of the most serious foreign influence threats to the United States," Director of National Intelligence Avril Haines said in her opening statement, noting Moscow uses its intelligence services, proxies and other tools to pursue its interests and divide Western alliances.
Her remarks tracked closely to the intelligence community’s latest annual threat assessment, also released Tuesday, that found Russia is “particularly focused on improving its ability to target critical infrastructure, including underwater cables and industrial control systems, in the United States as well as in allied and partner countries, because compromising such infrastructure improves and demonstrates its ability to damage infrastructure during a crisis.”
The document also laid out the cybersecurity threats posed by China, Iran, North Korea and transnational criminal organizations.
U.S. Cyber Command and National Security Agency chief Gen. Paul Nakasone said the U.S. has observed “three or four” Russian cyberattacks on Ukraine, “which we've watched and we've tracked very carefully.” He did not elaborate.
“In terms of why they haven't done more, I think that's obviously some of the work that the Ukrainians have done, some of the challenges that the Russians have encountered and some of the work that others have been able to prevent their actions,” he told the committee.
“It has not been what we would anticipate when we were going into this several weeks ago,” Nakasone added.
He said that he is “very focused” on potential spillover from Russia’s digital attacks on Ukraine, as well ransomware actors that might strike the U.S. or its allies, especially against critical infrastructure.
FBI Director Chrisopher Wray likewise said his organization is “deeply concerned” cyberattacks could spiral out of the nearly two-week old military conflict and cautioned Moscow might not be able to control whatever it unleashes online.
“The reality is they've shown a history of not being able to kind of manage the effects of it as well as they intend, even if you give them the benefit of the doubt, which I tend not to,” he said, referring to the 2017 NotPetya ransomware attack that was carried out by Russian forces against Ukraine and quickly spread across the globe.
Despite the various warnings from the spy agency leaders, Nakasone and Defense Intelligence Agency chief Lt. Gen. Scott Berrier said they have seen no evidence thus far that other adversaries are trying to capitalize on the global tension around Ukraine to conduct cyberattacks against the U.S.
“We have, obviously, a high degree of vigilance right now, just for a number of different threat streams that are out there, but they're not necessarily only predicated on what we're seeing with the Ukraine,” according to Nakasone.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.