WASHINGTON — The leader of the U.S. Cybersecurity and Infrastructure Security Agency said American networks have yet to experience significant cyberattacks by Russian operatives amid the ongoing belligerence in Ukraine.
“To date, we have not seen specific attacks on the U.S.,” CISA Director Jen Easterly said April 28. “What we are concerned about is the fact that Russia’s malicious cyber activity is part of their playbook.”
President Joe Biden shortly warned in March that evolving intelligence showed Russia was planning potential stateside cyberattacks. He also said the magnitude of Russia’s cyber capacity “is fairly consequential, and it’s coming.”
Lawmakers and analysts expressed similar concerns as Russia invaded Ukraine in late February. Such attacks have yet to materialize, Easterly testified before a House appropriations subcommittee Thursday.
“To date, thankfully, we have not seen attacks manifest here,” she said. “But we are very concerned that as the war drags on, there may, in fact, be retaliatory attacks given the very severe sanctions we have imposed on the Kremlin, the U.S. and our allies.”
Russia has long used cyberattacks to project its forces and influence events beyond its borders. Its push into Ukraine was preceded by a tide of malicious hacks that crippled government websites and scrambled communications. Ukraine continues to be assailed in the digital domain, with cyberattacks trebling compared with the year prior, according to the State Service of Special Communication and Information Protection.
Russia has denied responsibility.
The cyber threat the U.S. faces, Easterly said, likely comes in three forms: international spillover, something like the NotPetya fiasco of 2017; criminal ransomware attacks, like those that paralyzed the Colonial Pipeline and JBS Foods; and deliberate action taken by “Russian state-sponsored actors” against critical infrastructure including the communications, energy and medical sectors.
“The threat environment isn’t getting any less dynamic, less complex, less dangerous,” Easterly said, “and the threat actors are not getting any less sophisticated.”
Bryan Vorndran, assistant director of the FBI’s cyber division, last month told Congress that Russia is a “formidable foe.” He confirmed reports of Russia increasingly scanning U.S. critical infrastructure — moves that could precede a hack.
“As these adversaries become more sophisticated and stealthier, we are most concerned about our ability to detect and warn about specific cyber operations against U.S. organizations,” Vorndran said in written testimony submitted to the House Judiciary Committee. “Maybe most worrisome is their focus on compromising U.S. critical infrastructure, especially during a crisis.”
CISA, part of the Department of Homeland Security, leads efforts to understand, manage and reduce risks to U.S. cyber and physical infrastructure. The agency regularly works alongside the FBI, the National Security Agency and international partners.
President Joe Biden’s fiscal 2023 budget blueprint included $2.5 billion for CISA, approximately 18% more than what was requested in 2022. Easterly on Thursday said the suggested investment “really recognizes the criticality of our mission and provides the resources that we need to achieve it.”
The president’s budget also included some $11.2 billion for Pentagon cyber, nearly 8% over the administration’s previous ask.
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its NNSA — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.