Russia may be holding cyber capabilities in reserve, so US must keep its shields up: Experts

WASHINGTON: Although Russia’s cyber operations have been “relatively mild” against Ukraine, the United States should keep its shields up in case any cyber attacks hit the private sector or critical infrastructure, according to the chairman of the Senate Select Committee on Intelligence and a group of cybersecurity experts. 

“I still am relatively amazed that they have not really launched that level of maliciousness that their cyber arsenal includes,” Sen. Mark Warner, D-Va., said today during a Center for Strategic and International Studies event. “Now, will we see that in the coming days? I think that remains a possibility. Are they holding that for potential use against the West and or America? Again, we’ll see.”

Warner said the private sector needs to ramp up its investments in the cyber domain and pointed to the omnibus spending bill passed by Congress last week, which includes mandatory cybersecurity incident reporting language. 

“That will require mandatory reporting to CISA if you are a victim of a cyber attack,” Warner said of the legislation. “We don’t want to hold the company accountable. We do want to go after malware actors. I think this is a giant, giant step forward both in terms of the challenges vis-a-vis Ukraine, but on a broader basis to make sure that the current level where we only have about 30% of cyber attacks actually being reported to the government this over the long haul will give us a much greater tool to have that reporting assistance… and we can then share it with our private sector partners.”

RELATED: Top American Generals On Three Key Lessons Learned From Ukraine

Russia has allegedly been the culprit behind a series of cyber attacks against Ukraine in the past few months, from distributed denial of service attacks against Ukrainian government and banking websites to wiper attacks that may have extended beyond Ukraine’s borders, according to research from the Council of Foreign Relations. A US official told reporters in February there were also indications Russia also conducted cyber attacks against the Kakhovka hydroelectric power plant.

Chris Painter, president of the global forum on cyber expertise foundation and former coordinator for cyber issues at the Department of State, echoed Warner’s comments, saying he thinks everyone is somewhat surprised there hasn’t yet been a larger use of cyber aggression by Russia. 

“But I think many people predicted a massive sort of a cyber attack in Ukraine that would’ve gone after command and control, gone after communications. And that hasn’t really happened,” he said. “We also haven’t seen the blowback against Western democracies, including the US, so far. And I think the critical part of that is so far… We’re still in the relatively early days even though this has been several weeks now. It could well be that Russia is holding those capabilities in the reserve and haven’t used them yet.”

Greg Rattray, partner and co-founder of cyber advisory firm Next Peak, said one of the reasons there hasn’t been a stronger cyber response from Russia is because “they aren’t as deeply embedded and as capable as we… had thought going into this, at least in the Ukraine.”

Ukraine also has stronger footing on the cyber front than it did several years ago. Painter said the Ukrainian government has “spent some time trying to build their infrastructure, trying to build cybersecurity.”

Those efforts have extended beyond the government in light of Russia’s invasion, with Mykhailo Fedorov, Ukraine’s deputy prime minister and minister for digital transformation, putting out a call for people to join an all-volunteer “IT army” consisting of Ukrainian nationals and anyone across the world who wants to fight on the cyber front. 

In an interview with Breaking Defense this month, CrowdStrike Senior Vice President for Intelligence Adam Meyers said that although he sees avenues for cyber attacks closing in Ukraine, it doesn’t mean it’s closing elsewhere for the rest of the world.