It looks increasingly likely that a war will start in Ukraine, and the United States and Russia will be on opposite sides of it. And while it seems unlikely that U.S. troops will be fighting Russian troops directly, and no one expects any Russian missiles to launch at the U.S. mainland, facing off against Russia would put us–and our European allies, for that matter–at risk of a silent and potentially devastating weapon that Russia is a master at using: cyberwarfare.
Ukraine has been the victim of many Russian cyberattacks over the years, including a 2015 attack that disabled electricity grids country-wide for several hours in the middle of winter; and a hack this month that took the websites of the Ministry of Foreign Affairs and a number of other government agencies temporarily offline.
Russian hackers have also targeted the former Soviet republics of Estonia and Georgia at numerous times in the last 15 years. While some of these hackers were probably acting on their own, many appear to have been sponsored by the Russian government.
And all three republics that got hit were in a public dispute with Russia at the time of the attacks. The common bond becomes apparent: Cyberwarfare is a tool Russia uses to punish those countries who cross it.
Which will include us, along with other NATO nations, if we follow through on our warnings to impose severe sanctions on Russia in the event it invades Ukraine.
Remember the Pipeline
The United States may be much more powerful than Ukraine, but it is susceptible to hackers just the same. Last May, gas stations from Maine to Florida shut down for a whole week. The cause: A ransomware attack from Eastern Europe had taken down the Colonial Pipeline, the largest conduit of oil in the United States.
We don’t know for sure if they were Russian. But their act of sabotage and its fallout are a stark demonstration of cyber-attackers’ power to wound the U.S. economy and upend all of our lives.
Russia’s foreign intelligence service, the SVR, is believed to have directly masterminded another attack in March-June 2020 that breached confidential data of the U.S. Treasury, Department of Defense, State Department, and many other Federal agencies and businesses. NATO, the UK government, and the European Parliament were also breached.
There’s much more damage hackers are capable of. They can infiltrate the websites of hospitals, especially rural hospitals, and completely shut down health organizations’ online networks for weeks. They can likewise hack utility companies and sabotage electricity or water systems. And IT experts have determined that a few Russian hackers were able to break into U.S. election systems and view voters’ private data (they didn’t alter any votes, but who’s to say, maybe with time they’ll figure out ways to do that, too).
Still at Risk
Federal watchdog groups have been sounding the alarms on U.S. Government and private-sector vulnerabilities to cyberattacks for years. Many lawmakers are listening, and they warn that we are still lagging behind the threats.
In August, the Senate Homeland Security and Governmental Affairs Committee reviewed the state of cybersecurity across the Federal Government and gave most large agencies a grade of “C-,” finding major weaknesses.
A month later, the House Appropriations Committee issued a stern warning in its fiscal-year 2022 funding bill for Homeland Security, writing in a report accompanying the bill that lawmakers are “increasingly concerned with the ability of adversaries to circumvent and use existing cybersecurity solutions to gain access to critical systems and data.” In November, the U.S. Cybersecurity and Infrastructure Security Agency issued a directive to all federal agencies to immediately start upgrading their software and hardware and patch up vulnerabilities.
Looking Ahead
If Russian hackers have sabotaged U.S. government agencies, businesses, and communities like this in times of peace, just imagine what they’d be inclined to do when our country and theirs are facing each other in a war. The Russian government will have an incentive to make life more difficult for us and our allies. And if its past behavior is any guide, it will. If there was ever a time for the Federal Government and the nation as a whole to up its cybersecurity game, that time is now.