Top Cyber Officials Say Russians May Yet Escalate CyberwarSen. Mark Warner, Former Cyber Official Chris Painter Discuss Russian Tactics
As war in Ukraine rages and the Putin regime continues to drive toward major population centers in the former Soviet state, U.S. cybersecurity officials remain on high alert - questioning whether the Russians will elevate their cyberwar against their Western neighbor or against NATO member-states.
See Also: 2022 Unit 42 Incident Response Report
In a webinar entitled "Cyber in the Ukraine Invasion," hosted by the Washington, D.C.-based think tank the Center for Strategic and International Studies, Sen. Mark Warner, D-Va., one of the Senate's leading cyber advocates, and Chris Painter, former Coordinator for Cyber Issues at the U.S Department of State during the Obama administration, outlined Russia's portfolio of coercion, its offensive capabilities and the Biden administration's response.
Warner, chairman of the Senate Select Committee on Intelligence, and Painter, president of the Global Forum on Cyber Expertise Foundation, were joined by Greg Rattray, partner and co-founder at Next Peak LLC and former global CISO at JPMorgan Chase. The event was hosted by James A. Lewis, senior vice president and director of the Strategic Technologies Program at CSIS.
Senator's Ukraine Assessment
Speaking during the event, Warner outlined the swift sanctions designations and Ukraine's resiliency thus far in its campaign - praising Ukrainian President Volodymyr Zelenskyy's "courage and resoluteness."
He also praised EU allies for moving swiftly in response to the invasion - including the Germans rescinding their major pipeline project into Russia and other NATO members sharing significant arms with the Ukrainians.
Still, he said, the cyber offensives to date "have been relatively mild" and added: "The fact that they have not launched a NotPetya-type of attack with software including worms that go from one network to another, [is puzzling]. We don't have an answer."
The senator said it "remains a possibility" that cyber escalation could occur in the days or weeks ahead, possibly as the Russians leverage certain prepositioning on foreign networks.
Warner said he was "very concerned in the early days" of the war that Russia would launch crippling cyberattacks that might bleed beyond the geographic borders of Ukraine and into eastern Poland - perhaps knocking off Polish hospitals.
"Is that an Article 5 [an obligation among NATO military alliance members to defend fellow allies' sovereign borders]?" he asked. "Especially if you had American troops getting in a traffic accident because the lights have gone off? Could that be an Article 5? So far, we've not seen that."
Warner Touts Budget Bill
The Virginia lawmaker also said there is a direct connection between the ongoing conflict and the recently passed omnibus spending bill that has billions in tech aid for Ukraine, a cyber incident reporting mandate for critical infrastructure providers and a dramatic uptick in funding for the Cybersecurity and Infrastructure Security Agency (see: US Congress Passes Cyber Incident Reporting Mandate).
Warner told CSIS' Lewis the reporting requirement is "a giant step forward, both in terms of the challenges vis-a-vis Ukraine, [and] on a broader basis too, making sure that the current level, where we have about 30% of cyberattacks actually being reported to the government, [increases]."
Warner also pushed for additional support from the private sector to improve the "defense" and "resiliency" of U.S. and allied networks.
"[And] I do worry at times that we are investing way too much in traditional legacy platforms," the Virginia Democrat said. "Thank God, so far, we've not seen the more malicious cyber tools that Russia has brought to bear."
Cyber Leaders Comment
The back half of CSIS' event on Monday included a panel discussion featuring Painter and Rattray, each of whom echoed several points made by Warner.
"Many people predicted a massive cyberattack in Ukraine - going after command and control, going after communications," said Painter. "And that really hasn't happened. We also haven't seen the blowback against Western democracies, including the U.S., so far."
Painter qualified that by saying the war is "still in the relatively early days. … It could be that Russia is holding those reserve capabilities and hasn't used them yet."
He also touted the cyber posture of the Ukrainian government and infrastructure, saying that as it stood leading up to the war, it was in a better place "than five, six years ago when we had the attacks on Ukraine's power systems."
Rattray told Lewis that another factor in the cyberwar component is the presence and projected surge in ransomware cases. "[But] we also have not seen [that] in any sort of significant way," he stated.
There are many potential factors behind the lack of direct cyber military offensives, Rattray said. These include a possible miscalculation on Russia's part - in thinking it would spare Ukrainian critical infrastructure so that its installed government in Kyiv would not have to completely rebuild.
"Maybe the Russians are just recalibrating, but I have this strong belief that, probably, they aren't as deeply embedded and as capable as we - myself included - had thought going into this, at least in Ukraine," Rattray said.
The panelists also discussed the cyberattacks that could prompt Western governments to react.
"If we're actually having an [offensive] effect that will take down [Russian] command and control, that's a pretty major [escalation] and [also] burns those capabilities," Painter said of the U.S. ramping up a cyberwar.
"[If] we're disrupting Russian life or even military command and control, or defense systems, it could very much been seen as escalatory," Rattray said.
Another key point of the discussion was cryptocurrency and potential Russian sanctions evasion.
"We have a major issue about how cryptocurrencies in particular are allowed to work and whether we take off the table this sort of digital underground that's enabled by cryptocurrency," said Rattray. "I actually think this is a very serious long-term issue."
"It's another thing that requires a global approach," Painter said. "Cryptocurrency is not going to go away. It's here to stay."
He praised the Biden administration's signing of a cryptocurrency executive order last week that directed key federal agencies to continue studying crypto and a possible U.S. digital dollar. It also tasked the interagency with delineating the various roles and responsibilities around enforcement efforts. Thus far, the federal response to crypto has been hampered by unclear jurisdictional boundaries (see: President Joe Biden Signs Executive Order on Cryptocurrency).