WASHINGTON — Russia’s continued belligerence in Eastern Europe has so far not translated into cyberattacks that damage U.S. public and private sectors, a leading lawmaker said March 29, amid heightened worries of a wartime domino effect in the cyber domain.
“While the Russian invasion of Ukraine has not yet spilled over into cyberattacks that affect governments and businesses in the United States, President Biden has warned all Americans of evolving intelligence that Russia may soon launch cyberattacks against the United States,” House Judiciary Committee Chairman Jerrold Nadler, D-NY, said during an oversight hearing.
Members of Congress and experts voiced concerns about Moscow’s cyber reach and long-term intent as its attack on Ukraine was staged and then unfolded.
House Intelligence Committee Chairman Adam Schiff in late February told reporters “one pressing concern” was Russian cyber tools bleeding beyond the bounds of Ukraine. “The other possibility,” the California Democrat added, “is that Putin lashes out at the United States and NATO, and in this kind of hybrid warfare, it deploys cyber tools to attack American companies or American infrastructure.”
Schiff had not seen evidence of such Russian efforts at the time. Fresher information, however, suggests “the magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming,” President Joe Biden said March 21. The U.S. Cybersecurity and Infrastructure Security Agency has echoed the message.
Biden had previously said the U.S. would respond to Russian aggression in cyberspace. Exactly what that would entail was not clear.
Bryan Vorndran, the assistant director of the FBI’s cyber division, on March 29 told Congress Russia was a “formidable foe.” He also confirmed reports that Russia was increasingly scanning U.S. critical infrastructure, moves that could precede a hack.
“Russia is one of the two most capable cyber adversaries we face globally,” Vorndran said, answering a question from Rep. Sheila Jackson Lee, a Texas Democrat. “Whether they have the ability to completely destabilize our country and win a war is a whole different conversation.”
The Russian foreign ministry on Tuesday accused the U.S. of “waging a large-scale cyberattack” against the country, specifically targeting “government agencies, media outlets, critical infrastructure and vital facilities.” The ministry said those responsible — inspirers, operators and culprits — would be held to account.
Vorndran in written testimony described cybersecurity as a national security imperative, a matter he further said is underlined by ongoing international tumult.
The Department of Defense’s fiscal year 2023 budget request, revealed March 28, included $11.2 billion for cyber — some $800 million, or nearly 8%, more than the Biden administration’s previous ask.
Pentagon officials emphasized the continued spending in the domain and on related capabilities, like U.S. Cyber Command’s Cyber Mission Force teams.
“The administration’s defense topline includes $276 billion for investment,” Deputy Secretary of Defense Kathleen Hicks said. “That includes procurement and research, development, test, and evaluation. Those resources deliver the combat credibility today and into the future that we need across air, sea, land, cyber and space.”
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.