28.2 F
Washington D.C.
Friday, December 6, 2024

DHS Intelligence Brief Warns of Potential Russian Cyber-Retaliation Against U.S. Critical Infrastructure

DHS I&A assessed that, given successful demonstrations in other countries, Russia's techniques "could be leveraged against U.S. critical infrastructure networks."

An intelligence brief from the Department of Homeland Security warns stakeholders that Russia “would consider” launching a cyber attack against the United States if the U.S. or NATO respond to Russia’s potential invasion of Ukraine in a way that the Kremlin perceives as threatening to Russian security.

The memo also notes that Russia’s threshold for directly launching a destructive attack against U.S. critical infrastructure with its cyber arsenal “probably remains very high” though Moscow “continues to target and gain access to critical infrastructure in the United States.”

The brief from DHS’ Office of Intelligence & Analysis noted that, as Russia escalates its military posture at Ukraine’s border and Washington engages in diplomatic strategy, the assessment could evolve in the near future.

“Russia almost certainly considers cyber attacks an acceptable option to respond to adversaries because it lacks symmetrical economic and diplomatic responses,” the brief notes, citing the Intelligence Community’s 2021 Annual Threat Assessment.

The brief references a March 2018 alert from the Cybersecurity and Infrastructure Security Agency along with the FBI that said that since at least March 2016 Russian government cyber actors “targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

The Justice Department unveiled charges against six Russian military intelligence (GRU) officers in October 2020 alleging that in December 2015 through December 2016 the defendants and co-conspirators were responsible for “destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk.” The intelligence brief also notes Russia’s 2017 malware attack that led to the temporary shutdown of a Saudi oil refinery.

DHS I&A assessed that, given these demonstrations in other countries, Russia’s techniques “could be leveraged against U.S. critical infrastructure networks.”

“Russia has telegraphed that they are willing to attack critical infrastructure here in the U.S.,” former DHS Assistant Secretary for Infrastructure Protection Brian Harrell told HSToday. “The private sector should work to understand enemy tactics, including spearphishing and brute force attacks while conducting proactive threat hunting efforts. We have absolutely entered a heightened period of awareness given the threats that have been made, and the demonstrated attacks we’ve seen from the Russian GRU and Foreign Intelligence Service.”

The State Department ordered the departure of all family members of U.S. government employees at the U.S. Embassy in Kyiv and authorized the departure of some employees, and said the travel advisory to Ukraine is at “Level Four – Do Not Travel” due to the increased threat of Russian military action.

“Military action by Russia could come at any time,” a senior State Department official told reporters Sunday. “The United States government will not be in a position to evacuate U.S. citizens in such a contingency, so U.S. citizens currently present in Ukraine should plan accordingly, including by availing themselves of commercial options should they choose to leave the country.”

“We’re not saying we know that will happen,” the official later said. “None of us know what President Putin will decide. And at the same time that we’re doing this prudent planning and taking these measures, we are still very engaged on a diplomatic path.”

Secretary of State Tony Blinken told NBC on Sunday that Russia could also use cyber attacks or hybrid means to destabilize or topple the Ukrainian government.

“And there we’ve also been clear there’ll be a swift response, there’ll be a calibrated response, there’ll be a united response,” Blinken said. “And so what we’re doing – and I’ve been engaged in close consultations with all of our European allies and partners, including in Europe last week on the phone virtually every day, to make sure that across all of these scenarios we have a clear and united response. And we will.”

Bridget Johnson
Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.

Related Articles

Latest Articles