Ground commanders have been unable to capitalize on at least one previous cyber strike.
As the Ukraine war continues, U.S. officials worry that Russia might resort to new sorts of cyber attacks that could have big unintended consequences.
“I do think there is a risk that the deeper you get into this conflict that the Russians will…be pressed to resort to more aggressive operations,” Neal Higgins, the deputy national cyber director for national cybersecurity at the White House’s Office of the National Cyber Director, said on Tuesday during the Defense One Tech Summit. “If you're acting quickly and desiring a large impact, there is a risk that you lose control and that that did occur. It certainly is a risk that we continue to monitor across the government.”
Higgins was alluding to the 2017 NotPetya attacks, which spread beyond their intended targets—Ukrainian power companies—and went on to be the most destructive cyber event in history, infecting computers across the globe, including in Russia.
Five years on, Higgins said, the United States government is much better prepared for such an attack—particularly since last fall, when Russia began to mass troops along the Ukrainian border. He highlighted better coordination between the public and private sectors and infrastructure providers.
“When we had more detailed tactical information, that allowed them to take the necessary steps to defend their network,” he said. But he also warned that some private network providers still haven’t taken simple steps to better protect their networks.
Russia has already launched cyber attacks in Ukraine to support its invasion, Dmitri Alperovitch, the CrowdStrike founder (since departed) who now heads the Silverado Policy Accelerator, said on Tuesday. Hours before tanks crossed the border in February, Russian hackers struck the Viasat communications network. But Russian ground commanders were too uncoordinated to take advantage of the disruption.
“If you don't follow through on that, you're going to lose that advantage. Because the one problem of course with cyber is that it's hard to have lasting effects,” Alperovitch said in a separate Tech Summit session.
Another thing that’s changed from 2017 is the level of Ukrainian preparedness, thanks in part to partnership with U.S. Cyber Command and other entities. Mike Rogers, who led U.S. Cyber Command and the NSA, said at the Tech Summit that the Ukrainians have learned how to quickly identify and reconstitute networks that are hit by cyber attacks, which makes even novel and potentially destructive attacks a lot less damaging.
“You have seen the Russians excel in cyber in relatively static operations against moderately prepared network structures where they've had significant time to develop a campaign weeks in seven months,” said Rogers, a retired admiral. “What the situation in Ukraine shows is that they are not strong against well-prepared dynamic networks whose security dimensions are changing regularly and fairly rapidly with high levels of preparedness, with high levels of defensive capability.”
The Ukrainians have also shown themselves adept in areas where even the United States continues to struggle, Rogers said, like building coalitions among groups that normally have nothing to do with one another, such as foreign military partners, global IT corporations and even cyber vigilante groups like Anonymous. “I think there's some interesting revelations in the U.S. and others as we ask ourselves: what's the best cybersecurity model for us moving forward? I think there's some great takeaways for us here.”