Yesterday, President Biden issued an urgent statement on our nation’s cybersecurity. The concern is that Russia will launch cyber attacks in response to comprehensive global sanctions, which are having a devastating impact on the Russian economy. This “cornered Putin problem” is deepening speculation that Putin will look beyond Ukraine as he strives to revive some semblance of old-school Russian power. Indeed, there are signs he is losing control in the face of mounting pressures, including increased pressure from his internal support as demonstrated by the recent arrest of two senior FSB leaders.
In this context, Biden urged that, "The magnitude of Russia's cyber capacity is fairly consequential and it's coming, adding that "one of the tools (Putin's) most likely to use, in my view -- in our view -- is cyber attacks. They have a very sophisticated cyber capability."
This clear and present threat of Russian cyber attacks, which IronNet’s threat analysis and research team has been tracking, is something that Forgepoint Capital Co-Founder and Managing Director Donald R. Dixon and I wrote about last week.
Why are cyber attacks an accelerating threat? Putin is in a tough place and may raise the stakes to get what he wants.
It’s clear the prolonged battle in Ukraine is not what Putin expected. His military wasn’t ready. His intelligence wasn’t good, and he’s facing resilient Ukrainians who are fighting hard to maintain their freedom. Putin’s initial plan to install a puppet regime in Ukraine is simply no longer possible.
Despite orchestrating a propaganda-driven celebration of the anniversary of Crimea’s annexation on Friday, Putin may be approaching a breaking point. The sanctions wage on, and now even Putin’s inner circle is going after him. The reality is Putin believed he could take Ukraine, but where he really made a big mistake is misreading his “yes-men,” who may not have expressed the fact that Russia simply didn’t have the necessary level of preparation to occupy and hold Kyiv.
Right now, the cyber front in the U.S. and EU has been eerily quiet, perhaps as Putin remains focused on military and cyber operations in Ukraine. It’s important to note, however, as Thomas Rid does in last Friday’s NY Times, that claims of quiet on the cyber front are misleading: “In 2022 the war came but seemingly without the cyberapocalypse and waves of pummeling digital strikes we expected.” He added, “Cyberwar has come [throughout Ukraine], is happening now and will most likely escalate.”
Echoing the Biden Administration's warning, I believe that Putin will commence cyber operations against the U.S. and EU in retaliation for sanctions. It is likely he will respond against those sectors where sanctions are hurting him most, such as oil and gas, finance, and the energy sectors.
So what are we going to do about this warning? President Biden’s statement reminds us that, “From day one, my Administration has worked to strengthen our national cyber defenses, mandating extensive cybersecurity measures for the Federal Government and those critical infrastructure sectors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure.” Without question, the Administration has made cybersecurity a top-line agenda item, starting with the May 2021 Executive Order on improving the nation’s cybersecurity to the National Cyber Director’s Strategic Intent Statement calling for “shared defense” to the recent “Cyber Incident Reporting for Critical Infrastructure Act of 2022.”
In the here and now, the need for Collective Defense is critical. As I have mentioned since founding IronNet in 2014, the U.S. government is inherently limited in defending against debilitating and destructive nation-state cyber attacks on the nation’s critical infrastructure because they cannot see these attacks early in the intrusion cycle. Why? President and CEO of Southern Company Tom Fanning explains it best. As he said in a release, following last summer’s private sector cybersecurity meeting at the White House:
“Virtually unchecked for years our adversaries have been stealing our intellectual property, disrupting our commerce and threatening our democratic way of life. In large part, this war is being waged on our nation's critical infrastructure, in particular our energy sector, telecommunications networks and financial systems. The private sector owns and operates 87 percent of the critical infrastructure in the U.S., making collaboration between industry and the federal government imperative to thwart these attacks.“
We cannot keep shouting from the rooftops about the need for a collective approach to cybersecurity. Now is the time to make it happen.