An intelligence brief from the Department of Homeland Security warns stakeholders that Russia “would consider” launching a cyber attack against the United States if the U.S. or NATO respond to Russia’s potential invasion of Ukraine in a way that the Kremlin perceives as threatening to Russian security.
The memo also notes that Russia’s threshold for directly launching a destructive attack against U.S. critical infrastructure with its cyber arsenal “probably remains very high” though Moscow “continues to target and gain access to critical infrastructure in the United States.”
The brief from DHS’ Office of Intelligence & Analysis noted that, as Russia escalates its military posture at Ukraine’s border and Washington engages in diplomatic strategy, the assessment could evolve in the near future.
“Russia almost certainly considers cyber attacks an acceptable option to respond to adversaries because it lacks symmetrical economic and diplomatic responses,” the brief notes, citing the Intelligence Community’s 2021 Annual Threat Assessment.
The brief references a March 2018 alert from the Cybersecurity and Infrastructure Security Agency along with the FBI that said that since at least March 2016 Russian government cyber actors “targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”
The Justice Department unveiled charges against six Russian military intelligence (GRU) officers in October 2020 alleging that in December 2015 through December 2016 the defendants and co-conspirators were responsible for “destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk.” The intelligence brief also notes Russia’s 2017 malware attack that led to the temporary shutdown of a Saudi oil refinery.
DHS I&A assessed that, given these demonstrations in other countries, Russia’s techniques “could be leveraged against U.S. critical infrastructure networks.”
“Russia has telegraphed that they are willing to attack critical infrastructure here in the U.S.,” former DHS Assistant Secretary for Infrastructure Protection Brian Harrell told HSToday. “The private sector should work to understand enemy tactics, including spearphishing and brute force attacks while conducting proactive threat hunting efforts. We have absolutely entered a heightened period of awareness given the threats that have been made, and the demonstrated attacks we’ve seen from the Russian GRU and Foreign Intelligence Service.”
The State Department ordered the departure of all family members of U.S. government employees at the U.S. Embassy in Kyiv and authorized the departure of some employees, and said the travel advisory to Ukraine is at “Level Four – Do Not Travel” due to the increased threat of Russian military action.
“Military action by Russia could come at any time,” a senior State Department official told reporters Sunday. “The United States government will not be in a position to evacuate U.S. citizens in such a contingency, so U.S. citizens currently present in Ukraine should plan accordingly, including by availing themselves of commercial options should they choose to leave the country.”
“We’re not saying we know that will happen,” the official later said. “None of us know what President Putin will decide. And at the same time that we’re doing this prudent planning and taking these measures, we are still very engaged on a diplomatic path.”
Secretary of State Tony Blinken told NBC on Sunday that Russia could also use cyber attacks or hybrid means to destabilize or topple the Ukrainian government.
“And there we’ve also been clear there’ll be a swift response, there’ll be a calibrated response, there’ll be a united response,” Blinken said. “And so what we’re doing – and I’ve been engaged in close consultations with all of our European allies and partners, including in Europe last week on the phone virtually every day, to make sure that across all of these scenarios we have a clear and united response. And we will.”
