Cyberwarfare: what is Russia planning?

The US has “evolving intelligence” that Russia is exploring options for cyberattacks on the West, Joe Biden has warned.

Calling on the private sector to immediately harden its online defences, the US president said that “the magnitude of Russia's cyber capacity is fairly consequential, and it’s coming”. Vladimir Putin “hasn't used it yet, but it’s part of his playbook”, added Biden in an address this week to the bosses of some of his country's largest corporations.

The intervention followed the publication of the latest Annual Threat Assessment from the US Intelligence community, which found that Moscow was developing capabilities to target underwater cables and industrial control systems.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Cyber scenarios

The “most troubling takeaway” from Biden’s cyberattacks warning is that “US spy agencies have been spot on so far” in predicting Putin’s moves, said CNN’s White House reporter Stephen Collinson.

As the Ukraine war escalates global tensions, Putin “could turn his intelligence agencies or related criminal gangs against US government departments, hospitals, critical infrastructure and utilities”, in “direct reprisals” for “crippling sanctions” on Russia, Collinson wrote.

The BBC outlined three main scenarios that security experts reportedly fear most. The first is a targeted critical infrastructure attack like that in 2015 when Ukraine's electricity grid was disrupted by a cyberattack called BlackEnergy. The attack “caused a short-term blackout for 80,000 customers of a utility company in western Ukraine”, the broadcaster reported.

A second scenario would be a reprise of NotPetya, when destructive software was hidden in an update of accounting software used in Ukraine. The malware attack, in 2017, spread worldwide, destroying the computer systems of thousands of companies and causing an estimated $10bn (£7.5bn) of damage.

The third scenario would be an attack like that which resulted in the shutdown of the Colonial Pipeline in May 2021. A state of emergency was declared in a number of US states after hackers knocked out the online infrastructure of the pipeline, which carries 45% of the East Coast’s supply of diesel, petrol and jet fuel.

Timings of an attack

Chris Krebs, a former head of the US Cybersecurity and Infrastructure Security Agency, has warned that the “red lines” that have held back Putin from launching further cyberattacks may “evaporate”.

In an article for the Financial Times, Krebs argued that the “grim” economic outlook for Russia as sanctions kick in could “prompt Russian hackers to lash out against the West”.

However, The New Yorker said “the fact that devastating attacks haven’t occurred so far” has “raised doubts in some quarters about the viability and efficacy of using malicious software as a weapon of war”.

The magazine’s Sue Halpern speculated that it “may be that Russia never had the capabilities that its adversaries ascribed to it in the first place”.

“Unlike conventional weapons, which can be counted, cyber weapons are invisible until they are deployed, making it impossible for outsiders to assess the size and power of a nation’s cyber arsenal,” she wrote.

CNN’s Collinson noted that “there has so far been no major cybersecurity disaster, like a blanket power outage, a poisoned water system or a crippled supply chain, in the US or Ukraine since the invasion”.

Nearly 20 experts “who spoke with CNN” reportedly agreed that while Russia was “well positioned” to launch catastrophic cyberattacks on the US, Putin understands that his cyber capabilities are outmatched by those of the US.

Samantha Ravich, chair of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, told the BBC’s World At One that Putin has kept his cyber powder dry because he knows such weapons can “get out of control”.

However, she added, Putin might lash out as he gets “more and more desperate”.

The West should “harden the castle walls” against such attacks, Ravich concluded, because while the “cyber dog” hasn’t barked yet, “it will”.