We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
While the U.S. will not be sending in troops in response to Russia’s unprovoked invasion of Ukraine, NBC News reported that advisers have presented U.S. President Joe Biden with options for “massive cyberattacks” aimed at disrupting Russia’s military efforts.
The report published today, which cited four sources familiar with the matter, was dismissed by a White House spokesperson. However, the NBC News report itself specified that cyberattacks would be either covert or clandestine military operations, and the U.S. would never publicly acknowledge the activities.
The proposals include the use of U.S. “cyberweapons” in an unprecedented manner — “on a scale never before contemplated” — to target Russia’s military, according to the NBC News report. Agencies including U.S. Cyber Command, the NSA and the CIA would be among those with a role in the operation, according to the report.
In comments to VentureBeat on Thursday, cybersecurity experts provided a range of perspectives on the idea, from cautious support of the general concept to wariness — due in part to concerns about whether U.S. cybersecurity defenses would be up to the challenge of an cyber escalation involving Russia.
Hitesh Sheth, president and CEO at Vectra, said that it’s “imperative” that the U.S. “consider offensive options” in this situation. However, “going on the offensive without the right technology to defend ourselves in cyber space would be bad strategy,” Sheth said.
And given the challenges of executing strong cybersecurity across critical infrastructure in the U.S., a retaliation by Russia could have “devastating” impacts on services that Americans depend on, said John Hellickson, field CISO and executive advisor at Coalfire.
“We have a lot of work yet to do here at home to ensure such retaliatory attacks could be sufficiently thwarted, as evidenced by very public ransomware and similar attacks recently,” Hellickson said. “I believe we need to avoid crossing the line of such considerations, as it’s difficult to predict the impacts of a likely retaliation.”
It’s of course no secret that Russia already wages cyber warfare against the U.S. on a regular basis, said Leo Pate, managing consultant at nVisium.
And “just because one country invades another, doesn’t mean a new call-to-action needs to be proclaimed,” Pate said.
Christian Sorensen, former operational planning team lead for the U.S. Cyber Command, said that “there are definitely creative ways that cyber could be used to have an impact on Russia.”
“This creativity brings new options,” said Sorensen, who is now founder and CEO of cybersecurity firm SightGain. “However, we have to be careful because: cyber is ambiguous in attribution and perception, somewhat unpredictable in impact, and therefore very hard to predict response especially since Russia does not use the same playbook.”
Ultimately, “I have confidence that our strategy and policy approach will be informed and deliberate in response to the situation,” he said.
Cyber operations are a “low-cost way to inflict inconvenience” on an adversary, said John Bambenek, principal threat hunter at Netenrich.
“But in the absence of conventional military force, it will, at best, slow Russia down,” Bambenek said. “This provides the opportunity to look like we are ‘doing something,’ without the consequences of doing what would be effective to counter this invasion.”
Starting a cyberwar?
Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks, said that even the “most well-informed intelligence professionals and war planners still do not know what escalation looks like in an unprecedented exchange of cyber warfare.”
“Any cyber operation to counter Russian military aggression in Ukraine that wants to avoid encouraging Putin to take more drastic steps cannot threaten the lives and safety of innocent civilians,” Jablanski said. “Cyber weapons might include zero day exploits and the potential to impose high costs on an adversary, but they also potentially lead to unintended consequences which might not be justifiable if unprovoked.”
Hellickson added that “although it would be interesting to see the true capabilities of the US Cyber Command and supporting agencies in response to the Russian invasion of Ukraine, launching a cyberattack would take it to a whole new level while setting a dangerous precedent going forward.”
Ultimately, it would raise the question, “Would this cyberattack be considered a direct act of war?” he said.
‘Menu of options’
The NBC News report, which indicated that Biden has a “menu of options” for intervening with cyberattacks against Russia on Ukraine’s behalf, is not accurate, a White House spokesperson said Thursday.
“This report on cyber options being presented to @POTUS is off base and does not reflect what is actually being discussed in any shape or form,” said White House press secretary Jen Psaki on Twitter.
However, Sam Curry, CSO at Cybereason, said it wouldn’t be surprising if President Biden’s top advisors really had presented him with a variety of options to consider, including cyber counterstrikes. “Counterstriking is within the power of the government — and simply saying it forces the stakes higher for Putin and Russia,” Curry said.
While aimed at disrupting military operations, NBC News reported that the proposed cyberattacks would impact more than just the military, however.
The options include disruption of internet connectivity throughout Russia, a shutdown of electric power and even “tampering with railroad switches to hamper Russia’s ability to resupply its forces,” several of the sources told NBC News. Three of the four sources cited in the report are said to be part of the intelligence community.
Additionally, according to the report, these options aren’t only meant for use if Russia launches cyberattacks against the U.S. — as the Department of Homeland Security warned about weeks ago. The options include a “preemptive” cyber strike against Russia in response to the country’s unprovoked assault on its neighbor Ukraine, NBC News reported.
Notably, the cyberattacks that are being considered would be intended only at disruption — rather than destruction — of any Russian systems or infrastructure, which would keep the attacks from meeting the definition of an “act of war,” according to the report.
Cyberwarfare already under way
Russian cyber offensives have already been playing a role in the country’s build-up to its assault this week. Authorities in the U.S. and U.K. blamed Russia for last week’s massive distributed denial-of-service (DDoS) attacks in Ukraine. Fresh DDoS attacks, as well as destructive cyberattacks that involved wiper malware, struck Ukraine on Wednesday just ahead of the invasion.
The attacks — which researchers say included ransomware as a possible decoy or distraction in some instances — have notably also impacted machines in the NATO countries of Lithuania and Latvia, according to Symantec researchers.
In remarks at the White House today, Biden cited the cyberattacks as among the activities that led up to the Russian invasion.
In his White House remarks, Biden reiterated a statement he’d made last week, saying that “if Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond.”
“For months, we’ve been working closely with the private sector to harden our cyber defenses, sharpen our ability to respond to the Russian cyberattacks,” Biden said in the remarks today. The address also included an announcement of new sanctions against Russian financial institutions and individuals.
In his address prior to the invasion, Russian President Vladimir Putin had threatened that “whoever tries to interfere with us … should know that Russia’s response will be immediate and will lead you to such consequences that you have never experienced in your history.”
Russia has “multiple options at its disposal to initiate cyber warfare against the U.S. and its western allies. Any attack could seriously impact our critical infrastructures,” said Eric Byres, CTO of aDolus Technology.
“The simplest action at Putin’s disposal is to take the muzzle off the ransomware actors operating out of Russia. The last few months have been suspiciously quiet in terms of ransomware activity, and I suspect that was deliberate,” Byres said. “Moscow could now subtly message the ransomware community that it is open season and then sit back to watch the chaos. This strategy also has the advantage of deniability: it is hard to prove a ransomware attack has been sanctioned by the Russian government.”
Beyond that, Moscow could also take a more active approach in cyberattacks, “as we’ve seen in Georgia, Ukraine and the world in general,” he said. “Both Russia and its ransomware-proxies have become proficient in both software supply chain attacks and OT-focused attacks. These are likely to be the next wave of a coordinated Russian cyber/military offensive.”
No cyberattacks impacting the U.S. or Western European countries, that are suspected to have a connection to the invasion of Ukraine, have been reported as of this writing.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.