WASHINGTON — After some five months of war raging in Eastern Europe, Russia’s feared ranks of hackers have had an underwhelming impact on Ukrainian networks and on critical infrastructure in the U.S. and other nations. The question is: why?
“With regard to the Russian use of cyber and our takeaways, there are any number of theories for what we saw and what, frankly, we didn’t see,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said July 20 at the Aspen Security Forum.
“Some argue for the deterrence the U.S. has put in place,” she said, pointing to President Joe Biden’s meeting with Russian President Vladimir Putin following the Colonial Pipeline ransomware attack. “Some argue that it was the result of the extensive cybersecurity preparations Ukraine did, supported by allies and partners. And some argue that we don’t quite know.”
While Russia did use cyberattacks to buttress its Feb. 24 invasion and continues to leverage the digital domain to aid its lurching offensives, what hasn’t been seen — and what many expected — are massive hacks that cripple power plants and other infrastructure and retaliate against those assisting Ukraine.
Russia, historically, uses cyber to project power and meddle in foreign affairs. An International Institute for Strategic Studies report in 2021 placed the country in tier two of its cyber powerhouse rankings, alongside China but behind the U.S.
Why hasn’t Russia dominated with cyberattacks?
Exactly why the cyber operations have fallen short of expectations thus far is still up for debate, according to Neuberger, who previously served as the National Security Agency’s cybersecurity chief.
Biden in March said evolving intelligence showed Russia was planning stateside cyberattacks and cautioned that the magnitude was “fairly consequential.” Neuberger on Wednesday said the potential for future attacks is being monitored very closely.
“It’s something I talk about with my intelligence and cyber colleagues around the world regularly,” she said.
U.S. Cyber Command worked with Ukraine to reinforce network defenses and conducted related offensive operations, according to Gen. Paul Nakasone, who leads both the command and the NSA.
CYBERCOM also dispatched specialists to nearby Lithuania for three months to root out malign activity and inform future security efforts. Lithuanian Vice Minister of National Defense Margiris Abukevicius at the time said the “war against Ukraine has demonstrated that cyberattacks are an inseparable element of modern military campaigns” and preparations must be made “during war and peace alike.”
Should an attack reach U.S. networks, the country is better prepared to identify the intrusion and ultimately defend itself, Neuberger said, citing the administration’s “relentless focus on improving the security of critical infrastructure” and investment in alliances and information sharing.
In June, U.S. officials said “robust” resources would be provided to a newly forged NATO program known as the “virtual rapid response cyber capability.” The cooperative, the product of a summit in Madrid, will use lessons learned from the Russia-Ukraine war to shape its approach.
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its NNSA — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.