Although the United States is bracing for retaliatory Russian cyberattacks, experts in the field say the Kremlin is likely still weighing whether destructive action in cyberspace is worth the blowback.
Russia has shown cyber restraint, at least for the moment, even as the West imposes sanctions that have quickly strangled its economy and targeted government leaders and oligarchs.
“The question is not ‘can Russia carry out cyberattacks against Europe or the United States,’ ” said Melissa Griffith, a senior program associate with the science and technology innovation program at The Wilson Center.
“The question is ‘what would Russia have to gain from and what would they risk by carrying out cyberattacks against the United States and Europe.’ ”
Griffith added that intentionally crippling U.S. critical infrastructure through a cyberattack is “risky and unwise” as the U.S. prepares to take countermeasures against Russia, such as imposing further economic sanctions.
The U.S. and Western Europe have taken unprecedented measures against Russia, cutting the country off from roughly $600 billion in reserves held by the Central Bank of Russia, cutting off Russian access to the U.S. dollar and banning the state banks from using SWIFT, a messaging system used by banks to conduct international transactions.
U.S. lawmakers and NATO officials have also raised the possibility that destructive cyberattacks on infrastructure or militaries could trigger NATO’s Article 5, which says that an act of war against any member will trigger a response from the full alliance.
Michael Daniel, CEO of the Cyber Threat Alliance and a former cybersecurity official during the Obama administration, said that Russia is “definitely going to be cautious on doing things that could be escalatory.”
But that hasn’t eased U.S. fears of Russian aggression in cyberspace.
Sen. Mark Warner (D-Va.), chair of the Senate Intelligence Committee, said on Monday during a Washington Post live event to expect the Russians to use cyberattacks following crippling sanctions imposed by the U.S. and the European Union that caused the value of the ruble to plunge.
“I think we will probably see that in the coming days and weeks as Putin tries to lash out against the crippling level of sanctions we’ve put on him.” Warner said.
And last week, the Cybersecurity and Infrastructure Security Agency (CISA) updated its “Shields Up” guidance for organizations, urging businesses to remain “laser-focused on resilience” following cyberattacks that left several Ukrainian government websites down.
“While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies,” the CISA guidance states.
“Every organization — large and small — must be prepared to respond to disruptive cyber activity,” it added.
Cyber experts told The Hill that the U.S. oil and gas industry is particularly vulnerable to cyberattacks because it is not mandated by law to invest in cybersecurity.
The experts also said it’s difficult to predict exactly how the Russians plan to use their cyber weapons against the West.
“I think many of us in the industry expect that some form of retaliation will come through cyberspace because it’s an area that the Russians have a lot of capability and it’s one where the West has a lot of vulnerabilities,” Daniel said.
The vulnerabilities in question are that the U.S. and Western Europe are digitally dependent societies, making it almost impossible to survive without the internet.
“Everything is reliant in some form on digital capabilities, and that means that there are a lot of different avenues to create disruptions … for the West,” Daniel said.
The Biden administration has urged critical infrastructure, including banks, the energy and health care sectors, to strengthen its cyber defenses from a range of attacks including ransomware and distributed denial-of-service attacks, which were used by Russian groups that carried out the high-profile hacks on the Colonial Pipeline and meat processing giant JBS.
During the Washington Post live event, Warner also said that a cyberattack could trigger NATO’s Article 5.
“I absolutely believe that a cyberattack could constitute an Article 5 violation,” Warner said. “I gave you the example earlier of an attack against Ukraine bleeding into Poland, a NATO nation, or even hurting NATO troops, number one.”
Daniel said if a cyberattack has the same consequences as a physical attack, then there’s no reason not to trigger Article 5. “What’s important to focus on there is the effect and not the vehicle that delivered the attack,” he said.
Countries including the United Kingdom, France and the Baltic states should be even more vigilant, as they are the main target for Russian cyberattacks, said James Lewis, a senior vice president and director with the strategic technologies program at the Center for Strategic and International Studies.
Lewis explains that Russia has in the past sent spies to infiltrate the British government and expects the former Soviet nation to do the same when it comes to cyber.
As for France, Lewis said that the Russians are probably “saving their ammunition” for the upcoming presidential election, which will be held in mid-April, to interfere with the process, particularly if President Emmanuel Macron ramps up the country’s response to Russia’s invasion.
“If you are the Russians, you would want to wait for the time when you could have the most effect,” Lewis said, noting that the Russians attempted to interfere in the last French presidential election but the French government was successful in blocking it.
Lewis said that a number of European countries have good cyber defenses, including the U.K., the Netherlands, Sweden, Finland and the Baltic states. “There’s a few that have done a good job, but there are many that are unprepared,” he said.
As for Ukraine, Lewis said that the country is uniquely vulnerable to Russian cyberattacks because Russia built Ukrainian infrastructure, including the electric grids and the telecom systems.
However cyber aggression plays into the ongoing Ukraine-Russia war, it will likely highlight how central the digital landscape will be in future geopolitical conflicts.
“Cyberattack is now part of everybody’s military planning,” Lewis said. “It’s the future weapon that countries will use when they fight.”