Experts Warn Cyberwar Still Possible
Russia May be Holding Best Weapons in Reserve
Ukrainian president Volodymyr Zelensky visits frontline troops in Ukraine's Donetsk region Feb. 17. The country's government has called for hackers both inside Ukraine and abroad to help with a cyber offensive against Russia's government, military and economy. | Shutterstock
Fears of a major Russian cyberattack against Ukraine have not materialized so far, but experts warn it is still far too early for cyber defense to relax.

For years, analysts have assumed that any Russian military action against its neighbors would be preceded by a major cyber offensive against the target country and its allies, aiming to disable its electricity and other utilities, along with government, military and civilian communications networks.

Nearly a week into Russia’s invasion of Ukraine, that threat doesn’t seem to have materialized. While the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has noted an outbreak of “destructive malware … affecting Ukraine and other countries in the region,” Ukraine’s infrastructure appears largely intact. President Volodymyr Zelensky and his government certainly seem to have no problems keeping their smart devices charged and connected to the internet, rallying resistance to Russian tanks and bombers.

Likewise, while CISA is currently in a “Shields Up” posture and has called for critical infrastructure operators to be vigilant, the agency still says it sees “no specific or credible cyber threats to the U.S. homeland” despite having warned in January that such attacks might be imminent. (See Utilities Warned of Cyberattacks amid Russia Tensions.)

But experts say it would be a mistake for cybersecurity professionals to label Russia’s cyber capabilities an empty threat. The fact that the country apparently has not deployed its arsenal doesn’t mean the arsenal is bare, they say, and with the invasion just days old, there is plenty of time for the country’s leadership to reconsider its strategy and bring out the big guns.

“It’s no different than any other wartime tactic; once you reveal your playbook, there’s going to be a countermeasure … attached to it,” Betsy Soehren-Jones, Fortress Information Security’s chief information officer, told ERO Insider. “You’ve got to be strategic in how you push out those playbooks, and it just hasn’t been time yet.”

Fortress CEO Alex Santos agreed with Soehren-Jones, likening the Kremlin’s cyber offensive forces to its hypersonic missiles. The world has known of the technology for years; Russia test-fired the system shortly before the invasion of Ukraine began; and the fact that Russian President Vladimir Putin has not yet used it is no guarantee that he will not do so.

Santos suggested that Russia’s strategy so far indicates a “calculation that they can take and achieve their military objectives with their traditional weapons,” rather than exposing their more advanced cyber capabilities to the eyes of foreign intelligence agencies. If the conventional attack fails to reach its goals and economic sanctions begin to bite, then Putin may decide to move more aggressively against both Ukraine and those supporting it, including the U.S., he warned.

“One of the things that Russia has historically done is … surveillance and harassment and sowing seeds of misinformation. You might say that SolarWinds was that kind of attack,” Santos said, referring to the 2021 incident in which hackers — identified by the U.S. as Russia’s Foreign Intelligence Service — planted malware in the SolarWinds Orion network management software used by thousands of organizations around the world.

“We may see sort of a gradual campaign over time of them continuing their programs of meddling [and] death by a thousand cuts kind of thing,” he continued.

Questions About Ukraine’s Cyber Defenses

Ukraine’s readiness in the event of a major cyber offensive is still considered an open question by many in the industry. The country seems to be holding its own against the WhisperGate and HermeticWiper malware, which cybersecurity professionals identified earlier this year and which CISA and the FBI warned about last week. Ukrainian government officials are also attempting to organize an international network of hackers to strike back against Russia in cyberspace.

But industry watchers remain concerned about Ukraine’s capacity to resist a major, well-resourced operation like the ones that targeted the country’s power grid in 2015 and 2016. (See Six Russians Charged for Ukraine Cyberattacks.) Robert M. Lee, CEO of cybersecurity firm Dragos, warned in a media briefing last week that he feared the investment in needed cybersecurity improvements since then has been severely lacking.

“I’m not saying there hasn’t been good work. But that stuff isn’t related to their infrastructure. Do I think they are building up more knowledge about what to do? Sure. Do I think that their infrastructure and the defensive ability of those infrastructure companies are in any better place than they were in 2015? No, I do not,” Lee said. “I think that if Russia, as an example, wanted to take down the electric system in Ukraine, they would be much more prepared to do so than … in 2015 and 2016.”

The situation may be brighter in the U.S. Santos called NERC’s Critical Infrastructure Protection (CIP) standards “the most robust cyber regulatory construct” of any utility sector, and NERC has been quick to reassure the public of the Electricity Information Sharing and Analysis Center’s (E-ISAC) preparedness to quickly coordinate a response to potential attacks.

“Security of the grid continues to be a key priority for NERC, the U.S. and Canadian governments, and industry,” the organization said in a statement on Monday. “The continued coordination across our industry helps ensure vigilance and allows us to respond quickly should the need arise — we know nearly 400 million North Americans are counting on us.”
