As Russian troops attack Ukraine, experts are warning that Vladimir Putin could also seize the opportunity to deploy Russia’s trove of cyberweapons to hack America’s infrastructure.
Russia is no stranger to launching cyberattacks against the U.S. or using third-party hackers to hit American interests. U.S. officials have previously accused Russia of infiltrating everything from American power plants to the Department of Defense.
And with tensions between the two nations skyrocketing, and U.S. sanctions against Russia looming, Putin could retaliate by launching powerful cyberattacks against the U.S. Such an attack could cut power to cities, shutter banks, and stop the flow of fuel, crippling whole swaths of the country.
“I'm quite nervous about what is going to happen,” former Ambassador to the U.N. Social and Economic Council Sarah Mendelson told Yahoo Finance.
“I have said to people we should expect something, and we should not panic if we have a cyberattack,” added Mendelson, who serves as the head of Carnegie Mellon’s Heinz College in Washington, D.C.
Russia allegedly began waging cyberwarfare against Ukraine before its physical attack. Last week, the U.S. accused Russia of launching distributed denial of service (DDoS) attacks against the Ukrainian Ministry of Defense’s website and two banks. And on Wednesday and Thursday of this week, a number of Ukrainian government websites were knocked offline.
While there’s been no confirmation that Russia caused the most recent outages, they came just days after Putin ordered Russian troops into two separatist-controlled regions of Ukraine, which was formerly part of the Soviet Union.
In the past, Putin considered Ukraine a bulwark against the rise of the U.S. and its NATO allies. But with Ukraine pivoting toward the West and seeking to join NATO, Putin is seemingly attempting to subsume Ukraine and bring it back into Russia’s sphere of influence.
Russia has launched devastating cyberattacks against Ukraine in the past, including striking portions of its power grid in both 2015 and 2016. And in 2017, it launched NotPetya, a cyberweapon so powerful it destroyed computer systems not only across Ukraine, but also in other parts of the world.
Russia has previously demonstrated its capability to wage cyberwar in the U.S. as well, whether through malware or disinformation campaigns during the lead-up to the 2016 and 2020 elections, and throughout the COVID-19 pandemic.
And with the U.S. and its allies gearing up to hit Russia with harsh new sanctions, the U.S. Cybersecurity and Infrastructure Security Agency is warning that Putin will ratchet up his disinformation campaigns.
“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” CISA Director Jen Easterly said last week ahead of Russia’s invasion.
But Russia’s cyber assets extend further than manipulating Americans via social media. The country is also more than capable of penetrating U.S. infrastructure, and could easily hit American water supply systems, hospitals, or power plants.
“There have been some infrastructure-based attacks where [Russia has] been caught breaking into dams and power plants and things like that in the U.S.,” explained NYU Tandon School of Engineering professor Justin Cappos. “It's possible that they're in substantial parts of U.S. infrastructure, and are sort of dormant and have capabilities that they haven't gone and exercised.”
Russia has been launching cyberattacks against U.S. infrastructure, including power plants, for years, probing security systems to find weaknesses. In 2020, a Russian-backed group launched an attack on internet network infrastructure company SolarWinds (SWI), giving hackers access to government organizations including the Department of Defense.
The attack, which Microsoft (MSFT) President Brad Smith called one of the largest in history, involved a malicious update that was likely downloaded by some 18,000 SolarWinds customers. The malware, which was deployed by Russian agents to look like a normal software update for a piece of networking equipment, ultimately pinballed across multiple U.S. organizations, including the Treasury, Commerce, and Justice Departments, and 100 private sector companies.
The U.S. has responded in kind, implanting malware into Russia’s own systems in a move reminiscent of the Cold War.
“We've already seen a lot of attacks coming from Russia and independent crime groups that are based in Russia and tolerated by Russia over the past several years,” explained Katie Moussouris, founder and chief executive of Luta Security and former lead Microsoft senior security strategist.
“We do need to remain vigilant, because certainly if things are not going Putin's way, I can imagine that he's going to use whatever is available to him,” Moussouris said. “And we all know that the defenses across the United States and our partners and our allies in cybersecurity are not a perfect, impenetrable shield.”
According to Mendelson, if Russia launches a cyberattack against one of America’s NATO allies, the treaty’s mutual defense guarantee may force America to retaliate.
“[Putin] would like the United States to collapse,” she said. “He would like NATO to collapse. He would like the European Union to collapse. This is quite clear, and it's been clear for some time.”
While the physical attack on Ukraine unfolds, it would take just a few keystrokes for Russia to fire its cyber weapons at the U.S. And while it’s not the same as bullets and bombs, it could still be destructive enough to take out portions of the power grid, putting American lives at risk just the same.
Clarification: This article was clarified to specify that, of 18,000 SolarWinds customers that downloaded a malicious update, only 100 were ultimately hacked.
Got a tip? Email Daniel Howley at email@example.com. Follow him on Twitter at @DanielHowley.