Russia could unleash disruptive cyberattacks against the US – but efforts to sow confusion and division are more likely
- Written by Justin Pelletier, Professor of Practice of Computing Security, Rochester Institute of Technology
As tensions mount between Russia and the West over Ukraine, the threat of Russian cyberattacks against the U.S. increases. The Department of Homeland Security issued an intelligence bulletin[1] on Jan. 23, 2022, warning that Russia has the capability to carry out a range of attacks, from denial-of-service[2] attacks on websites to disrupting critical infrastructure like power grids.
“We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” the DHS stated in the bulletin[3], which it sent to law enforcement agencies, state and local governments, and critical infrastructure operators.
Cybersecurity experts are concerned that in the wake of recent cyberattacks by hackers affiliated with Russia, the Russian government has the capability to carry out disruptive and destructive attacks against targets in the U.S. The SolarWinds attack[4], uncovered in December 2020, gave the perpetrators access to the computer systems of many U.S. government agencies and private businesses. The DHS and FBI accused Russian hackers in March 2018 of infiltrating U.S. energy and infrastructure networks[5].
Russian cyberattacks could include continued attempts to diminish Americans’ confidence in elections[6], undermine economic stability[7], damage the energy grid[8], and even disrupt health care systems[9].
While some components of these systems almost certainly remain vulnerable to Russian-aligned hackers, the Russian government is likely to think twice before unleashing highly disruptive attacks against the U.S., because the U.S. government could interpret such attacks, particularly those targeting critical infrastructure, as acts of war[10]. The DHS bulletin stated that Russia has a high threshold for initiating disruptive attacks. As a researcher who studies cyberwarfare[11], I believe a more likely threat from Russian hackers is launching disinformation campaigns.
Distract, distort and divide
Americans can probably expect to see Russian-sponsored cyber activities working in tandem with propaganda campaigns. These activities are likely to be aimed at preventing a unified response to Russian aggression in Ukraine.
Russian military doctrine includes the well-evolved concept of information confrontation[12], which uses cyber means to create doubt about what is true. Russia’s information warfare strategy seeks to manipulate information and relationships.
The specific maneuvers[13] aim to bolster narratives, people and groups that support Russian interests and undermine those that are counter to Russian interests. The maneuvers, which include dismissing and distorting information and undermining opinion leaders, are carried out in the press and on social media.
Russian intelligence operatives are skilled at using technology, including amplifying misinformation through fake accounts[14] on popular social media platforms. In effect, Russia uses social and other online media like a military-grade fog machine that confuses the U.S. population and encourages mistrust in the strength and validity of the U.S. government.
Repressive governments like those in Russia[16] and China[17] have perfected the manipulation of online information as a way to control their own populations. Democracies are especially vulnerable to these techniques, given the open exchange of ideas and lack of centralized control over sources of information.
In addition, U.S. society is polarized[18], and that polarization is occurring at an increasing rate[19]. A study by researchers at the University of Oxford examined Russia’s computational propaganda against the U.S. between 2013 and 2018[20] and found that it was designed to boost U.S. political polarization.
Plausible deniability
Though the Russian government commonly operates through its intelligence services, including the technical experts in the GRU[21] military intelligence service and the spymasters in the FSB[22] domestic intelligence service, it also uses criminal groups[23] to achieve its aims.
History shows that Russia is most likely to recruit proxies to carry out cyberattacks that disrupt decision-making[24] so that the attacks don’t point directly back to the Kremlin. There is no foggier battlefield than cyberspace. That is one of the main benefits of cyberspace as an element of national power – a cyberattack almost always allows for plausible deniability.
On Jan. 14, 2022, Russia arrested members of the Russian-based cyber gang REvil[25] who were responsible for the 2021 ransomware attacks against meat supplier JBS Foods[26], headquartered in Greeley, Colorado, and the Colonial Pipeline[27], headquartered in Alpharetta, Georgia. The unusual move caused cybersecurity analysts to wonder about Russia’s motive, including speculation about making it easier for the government to deny a connection[28] to the cyberattacks.
US cyber defenses
National cyber defense is inherently challenging[29], but the U.S. is far from defenseless. Several analysts[30] have noted[31] that the U.S. is the most capable cyber power in the world. The U.S. also has 20 years[32] of experience dealing with Russian cyber aggression.
The Biden administration’s tough stance on Russian hacking[34] has made some progress. And though disinformation is among the murkiest of cyber strategies, cybersecurity experts are making headway[35] on that front, too.
Cause for concern but no reason to fear
Cyber activity that creates room for Russia to present the seizure of Ukraine as a fait accompli is much more likely than a crippling cyberattack. Though Russia might temporarily deter a U.S. response to Russian moves in Ukraine by disrupting U.S. critical infrastructure, Americans are likely to present a unified and powerful response to such an overt attack. I believe Russia is more likely to prefer a path of insidious political polarization to weaken U.S. geopolitical influence.
Even if Russia were to launch extensive cyberattacks against the U.S., the average American is unlikely to be harmed. The disruption of natural gas and food supplies would clearly have a significant economic impact, but it is extremely rare[36] for a cyberattack to lead to loss of life.
If you are worried about the situation in Ukraine and wondering what you can do to defend against Russian cyberattacks, I recommend tuning out divisive rhetoric and cultivating common ground with Americans whom you might not agree with. Though there are many issues U.S. society is working through, Americans can still try to find some general agreement in the principles of the American experiment.
References
- [1] intelligence bulletin (www.cnn.com)
- [2] denial-of-service (www.cisa.gov)
- [3] stated in the bulletin (abcnews.go.com)
- [4] SolarWinds attack (theconversation.com)
- [5] infiltrating U.S. energy and infrastructure networks (www.cisa.gov)
- [6] elections (www.nytimes.com)
- [7] economic stability (www.thecipherbrief.com)
- [8] energy grid (www.vox.com)
- [9] health care systems (www.cbsnews.com)
- [10] acts of war (www.wsj.com)
- [11] studies cyberwarfare (scholar.google.com)
- [12] information confrontation (www.ndc.nato.int)
- [13] specific maneuvers (apps.dtic.mil)
- [14] amplifying misinformation through fake accounts (theconversation.com)
- [15] AP Photo/Dmitri Lovetsky (newsroom.ap.org)
- [16] Russia (www.hrw.org)
- [17] China (gking.harvard.edu)
- [18] polarized (www.pewresearch.org)
- [19] occurring at an increasing rate (www.brown.edu)
- [20] between 2013 and 2018 (int.nyt.com)
- [21] GRU (www.justice.gov)
- [22] FSB (crsreports.congress.gov)
- [23] criminal groups (www.defenseone.com)
- [24] disrupt decision-making (www.armyupress.army.mil)
- [25] arrested members of the Russian-based cyber gang REvil (theconversation.com)
- [26] meat supplier JBS Foods (www.bbc.com)
- [27] the Colonial Pipeline (www.politico.com)
- [28] making it easier for the government to deny a connection (www.darkreading.com)
- [29] inherently challenging (theconversation.com)
- [30] analysts (www.washingtonpost.com)
- [31] have noted (www.iiss.org)
- [32] 20 years (www.forbes.com)
- [33] U.S. Army photo by Michael L. Lewis (www.flickr.com)
- [34] tough stance on Russian hacking (theconversation.com)
- [35] making headway (theconversation.com)
- [36] extremely rare (www.washingtonpost.com)
- [37] Check out The Conversation’s weekly newsletters (memberservices.theconversation.com)