The U.S. Department of Homeland Security warns that the U.S. could witness a retaliatory cyberattack at the hands of Russia if Russia decides to respond to the potential invasion of Ukraine, where 100,000 or more troops have been assembled for weeks. On the bulletin that was dated Jan. 23, 2022, officials believe that if the U.S. responds to rising tensions at Ukraine's eastern border, the Russian government or its state-sponsored actors could initiate a cyberattack.
The bulletin, obtained by ABC News reads: "We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived the U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security." Russia, DHS warns, can employ a "range of offensive cyber tools" against U.S. networks, ranging from a low-level ''denial of service attack" to a "destructive" attack on critical infrastructure.
The latest warning follows a rapid increase in cyberattacks that targeted the U.S. in 2021. These include Russia-backed ransomware attacks on Colonial Pipeline, which resulted in significant fuel shortages along the U.S. East Coast and on the world's largest meat processing company, JBS.
Said Nick Martin, Director of Managed Services at Mainstreet IT Solutions, ''The Department of Homeland Security's warning about Russia is another reminder that the cyber world remains a very real target for enemies during times of conflict. Although this conflict is a physical conflict in another part of the world, technology is ultimately running the backbone of this society and infrastructure.''
Added Martin, ''If Russia were to disrupt the United States like the Colonial Pipeline attack from last year, this would cause major disruptions internally that could potentially delay a physical on-site response around the world. Perhaps this could come as a shock to many, but this is a reality that IT and cyber security professionals have been living in for some time now. It is easy to forget when the stakes do not seem as high that cyberattacks have the potential to cripple a society.''
Why Would Russia Target the U.S. Before Possibly Invading Ukraine?
A Russian invasion of Ukraine would be a disaster for Ukraine and Russia. There are also concerns that Russia will launch cyberattacks against the United States in response to any involvement in a potential war in Ukraine. ''This has happened before and more than people realize. Cyberattacks are just another avenue to instigate and make a point in an already complex situation'', said Ashu Singhal, Co-Founder and President of Orion Networks.
''Our current and future battles are being fought on a different battlefield these days; the virtual battlefield of the Internet. These virtual battles, however, have a real-world impact on our country's infrastructure, financial, and communications systems. The best way to cripple an opposing force's capability is to cause widespread chaos across as many systems as possible via a cyberattack, especially if you are simultaneously planning on initiating a real-world land invasion. The US Department of Homeland Security is preparing for exactly such a cyber-attack in light of the fact that Russia is poised to invade Ukraine'', said Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder of LI Tech Advisors.
''For Russia, this kind of attack could have the potential to bring the United States closer to the battle if provoked. In the same way that the Japanese provoked the United States to war in World War II, Russia could provoke a major response from the United States by taking down the critical infrastructure that the people of this country depend upon. In all reality, an attack, whether physical or cyber, represents a very real threat to the country'', said Martin.
Bryan Ferrario, CEO of Alliance Technology Partners does not believe Russia would target the U.S. in a crippling attack before a potential attack on Ukraine. Here is what Ferrario had to say:
''Talks between Russia and the United States are at a stalemate and both sides are now exchanging threats if things escalate. I don't believe Russia would engage in a crippling cyber-attack prior to a potential invasion of Ukraine. Russia is home to some of the biggest threat actors in the world. They are reminding the US of this and their ability to inflict great pain on the US by implementing substantial economic sanctions.''
Said Luis Alvarez, President, and CEO of Alvarez Technology Group, ''The vast majority of cyberattacks to date have been done for one of two purposes: make money or steal data. A Russian state-supported attack in relation to the Ukraine situation would be done for a completely different purpose: to disrupt and cripple businesses and government agencies in the U.S. to distract the country from helping Ukraine in the short run, and in the long run to dissuade the U.S. from taking any steps to actively support Ukraine under the threat of additional attacks. Russia thinks that enough disruption would create such a public backlash against supporting Ukraine.''
''In my opinion, there are two primary reasons why cyberattacks target the United States. Primarily, you want the world, in particular, those that are supporting Ukraine, to focus on other things - such as an attack of large proportions in the United States and that could disrupt the markets. Secondarily, it is a quick and easy way to fund military attacks by recovering ransomware payments'', said Ilan Sredni, CEO and President of Palindrome Consulting, Inc.
''Russian hackers are highly motivated by money and patriotism. For the most part, they operate with impunity as long as they are targeting enemies of Russia and refrain from attacking any organizations based in Russia'', said Ferrario.
Could Cyberattacks on the U.S. Backfire?
Cyberattacks against the US may backfire against Russia since any attack that a Russian cybercriminal group attempts to launch will tell us where our vulnerabilities are. ''It's a serious game of measures and countermeasures. For every weakness that a cybercriminal finds, we need to counter it with additional security'', said Buonaspina.
Said Ferrario, ''It depends on the timing and impact of an attack. A large-scale attack on the US, during this escalation, would certainly warrant major action by the US. The Department of Defense can perform a large-scale, crippling attack on Russia. The problem is that Russian capabilities are strong as well. In a cyber-warfare scenario, the United States has the most to lose as we have a much larger technology footprint to protect.''
What Can U.S. Organizations Do to Protect Themselves?
Businesses and organizations should continue with current cybersecurity best practices. The recent actions should cause a heightened sense of concern and alert, but businesses and organizations should already have measures in place to protect themselves against any type of cyberattack. Here are a few areas businesses and organizations should focus on:
- Developing a comprehensive cybersecurity strategy.
- Investing in security solutions that work together, not independently.
- Ongoing cyber awareness training and testing.
- Securing your hardware.
- Investing in cyber insurance.
- Encrypting and backing up data.
- Performing network scans.
''U.S. organizations need to do everything they can do to protect themselves, starting with consulting with cybersecurity experts, either within their organizations or from the outside. Most business leaders do not have the knowledge they need to make informed decisions about cybersecurity and, much like any subject where you lack enough knowledge, you need to bring in experts'', said Alvarez.