Commentary: Amid mounting tensions in Ukraine, Russia could unleash disruptive cyberattacks

ROCHESTER, New York: As tensions mount between Russia and the West over Ukraine, the threat of Russian cyberattacks against the US increases.

The US Department of Homeland Security issued an intelligence bulletin on Jan 23, warning that Russia has the capability to carry out a range of attacks, from denial-of-service attacks on websites to disrupting critical infrastructure like power grids.

“We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” the DHS stated in the bulletin, which it sent to law enforcement agencies, state and local governments, and critical infrastructure operators.

Cybersecurity experts are concerned that in the wake of recent cyberattacks by hackers affiliated with Russia, the Russian government has the capability to carry out disruptive and destructive attacks against targets in the US

The SolarWinds attack, uncovered in December 2020, gave the perpetrators access to the computer systems of many US government agencies and private businesses.

The DHS and FBI accused Russian hackers in March 2018 of infiltrating US energy and infrastructure networks.

Russian cyberattacks could include continued attempts to diminish Americans’ confidence in elections, undermine economic stability, damage the energy grid, and even disrupt healthcare systems.

While some components of these systems almost certainly remain vulnerable to Russian-aligned hackers, the Russian government is likely to think twice before unleashing highly disruptive attacks against the US, because the US government could interpret such attacks, particularly those targeting critical infrastructure, as acts of war.

The DHS bulletin stated that Russia has a high threshold for initiating disruptive attacks. But a more likely threat from Russian hackers are disinformation campaigns.

DISTRACT, DISTORT AND DIVIDE

Americans can probably expect to see Russian-sponsored cyber activities working in tandem with propaganda campaigns. These activities are likely to be aimed at preventing a unified response to Russian aggression in Ukraine.

Russian military doctrine includes the well-evolved concept of information confrontation, which uses cyber means to create doubt about what is true. Russia’s information warfare strategy seeks to manipulate information and relationships.

The specific manoeuvres aim to bolster narratives, people and groups that support Russian interests and undermine those that are counter to Russian interests. The manoeuvres, which include dismissing and distorting information and undermining opinion leaders, are carried out in the press and on social media.

Russian intelligence operatives are skilled at using technology, including amplifying misinformation through fake accounts on popular social media platforms.

In effect, Russia uses social and other online media like a military-grade fog machine that confuses the US population and encourages mistrust in the strength and validity of the US government.

Governments like those in Russia and China have perfected the manipulation of online information as a way to control their own populations. Democracies are especially vulnerable to these techniques, given the open exchange of ideas and lack of centralised control over sources of information.

In addition, US society is polarised, and that polarisation is occurring at an increasing rate. A study by researchers at the University of Oxford examined Russia’s computational propaganda against the US between 2013 and 2018 and found that it was designed to boost US political polarisation.

PLAUSIBLE DENIABILITY

Though the Russian government commonly operates through its intelligence services, including the technical experts in the GRU military intelligence service and the spymasters in the FSB domestic intelligence service, it also uses criminal groups to achieve its aims.

History shows that Russia is most likely to recruit proxies to carry out cyberattacks that disrupt decision-making so that the attacks don’t point directly back to the Kremlin.

There is no foggier battlefield than cyberspace. That is one of the main benefits of cyberspace as an element of national power – a cyberattack almost always allows for plausible deniability.

On Jan 14, Russia arrested members of the Russian-based cyber gang REvil who were responsible for the 2021 ransomware attacks against meat supplier JBS Foods, headquartered in Greeley, Colorado, and the Colonial Pipeline, headquartered in Alpharetta, Georgia.

The unusual move caused cybersecurity analysts to wonder about Russia’s motive, including speculation about making it easier for the government to deny a connection to the cyberattacks.

CAUSE FOR CONCERN BUT NO REASON TO FEAR

National cyber defence is inherently challenging, but the US is far from defenceless. Several analysts have noted that the US is the most capable cyber power in the world. The US also has 20 years of experience dealing with Russian cyber aggression.

The Biden administration’s tough stance on Russian hacking has made some progress. And though disinformation is among the murkiest of cyber strategies, cybersecurity experts are making headway on that front, too.

Cyber activity that creates room for Russia to present the seizure of Ukraine as a fait accompli is much more likely than a crippling cyberattack.

Though Russia might temporarily deter a US response to Russian moves in Ukraine by disrupting US critical infrastructure, Americans are likely to present a unified and powerful response to such an overt attack. Russia is more likely to prefer a path of insidious political polarisation to weaken US geopolitical influence.

Even if Russia were to launch extensive cyberattacks against the US, the average American is unlikely to be harmed. The disruption of natural gas and food supplies would clearly have a significant economic impact, but it is extremely rare for a cyberattack to lead to loss of life.

Justin Pelletier is a Professor of Practice of Computing Security at Rochester Institute of Technology. This commentary first appeared on The Conversation.