President Biden yesterday urged U.S. companies operating critical infrastructure, including in the energy sector, to harden their digital defenses as new intelligence shows Russia is “exploring options for potential cyberattacks.”
The statement is the White House’s clearest warning since the start of the war in Ukraine of Russia’s willingness and capacity to strike the United States by shutting down vital computer networks.
The administration had previously warned that economic sanctions imposed on Moscow could prompt acts of retaliation, but yesterday’s alert signifies the biggest shift in tone so far.
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook,” Biden said in a statement.
“Today, my administration is reiterating those warnings based on evolving intelligence that the Russian government is exploring options for potential cyberattacks.”
The red alert, put out as the White House press corps gathered for its daily briefing, was short on detail. It didn’t name specific business sectors being targeted. But it is part of an ongoing effort to bring more government intelligence on Russia directly to the public and to CEOs responsible for defending major systems.
The White House said officials have met with hundreds of companies in recent weeks to brief them on the Russian threat. The energy sector is particularly vulnerable. Hackers with ties to Russia managed to force the Colonial pipeline offline for a week last spring, halting its deliveries of gasoline, diesel and jet fuel to the East Coast.
The intelligence so far is “fragmentary,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said during the briefing. But she said Russia has been conducting “preparatory activity,” spurring the administration to initiate a “call to action.”
“As soon as we learned about that last week, we hosted classified briefings with companies and sectors we felt would be most affected and provided very practical, focused advice,” Neuberger said.
“There’s still more to do to have the confidence that we’ve locked our digital doors,” she said.
Top cybersecurity analysts reiterated a belief within the cybersecurity community that Russia doesn’t intend to cross red lines that could pull the two nuclear powers into direct confrontation.
But John Hultquist, vice president of intelligence analysis at the firm Mandiant, noted that even nonlethal cyberattacks have economic and psychological costs that could be significant in their own right.
“We’re not surprised to learn Russia is exploring cyberattacks against the U.S. in light of the serious pressure the country is now facing,” Hultquist said. “Russia is probably looking to aggressively respond in a manner that won’t lead to war with the U.S., and cyberattacks are a means for them to exact costs without crossing a major red line.”
Leading up to the invasion, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) launched a “shields up” campaign designed to provide direct government help to companies fighting digital intruders.
Last week, CISA issued an alert warning U.S. satellite communication companies against cybersecurity threats after the telecommunications firm Viasat Inc. was hacked, impacting thousands of wind turbines.
Neuberger said during the briefing that the U.S. has not yet attributed the Viasat hack. But intelligence agencies are investigating whether Russia was behind the attack, according to Reuters.
“Owners and operators have the ability and responsibility to harden the systems and networks we all rely on,” Neuberger said.
She also called it “deeply troubling” that hackers can still use known vulnerabilities in computer software. The government has urged companies to patch their systems.
Neuberger also reaffirmed previous statements by Biden that the U.S. is “not seeking confrontation with Russia.”
“But he has also said that if Russia conducts disruptive cyberattacks against critical infrastructure, we will be prepared to respond,” Neuberger said.
For its part, the oil and natural gas pipeline industry has been implementing mandatory cybersecurity directives issued by the Transportation Security Administration after the Colonial hack.
“The Administration and law enforcement agencies have been vigilant about attempted cyber-intrusion being a likely byproduct of the war in Ukraine,” American Gas Association officials said in a statement.