US, Britain help Ukraine prepare for potential Russian cyberattack
WASHINGTON – In the dying days of 2015, lights went out in part of Ukraine as Russian hackers remotely seized the control center of an electric utility and shut down one power plant after another, while the company’s operators stared helplessly at their screens.
The following year, the same thing happened, this time around the capital Kiev.
Now the United States and Britain have quietly sent cyber warfare experts to Ukraine in hopes of better preparing the country for what they believe is Russian President Vladimir V. Putin’s next move as he again threatens the former Soviet republic: not an invasion with the 175,000 soldiers he is assembling at the border, but cyberattacks that destroy the electricity grid, the banking system and other essential elements of the economy and the Ukrainian government.
Russia’s goal, according to U.S. intelligence assessments, is to make Ukrainian President Volodymyr Zelensky look inept and helpless – and perhaps provide an excuse for an invasion.
In a sense, the Russian cyber campaign against Ukraine never ended, U.S. officials say, although until recently it was simmering at a low level. But in interviews, U.S. officials and experts say the activity has escalated over the past month, even as public attention has focused on the troop build-up.
“This is a widespread campaign targeting many Ukrainian government agencies, including home affairs – the national police – and their electric utilities,” said Dmitri Alperovitch, a leading investigator of Russian cyber activity and chairman of Silverado Policy Accelerator, a new research group in Washington.
Mr. Alperovitch, who emigrated from Russia to the United States as a child, said the Russian leader viewed cyberattacks as “preparation for the battlefield”.
U.S. officials say a military invasion is far from certain. “The current assessment of the US government is that it has not made a decision,” said Jake Sullivan, President Biden’s national security adviser, speaking to the Council on Foreign Relations. Mr. Sullivan did not address Russian cyber activity, but it has received intense attention from the White House, the CIA, the National Security Agency and the United States Cyber Command, whose “cyber forces” are deployed to identify vulnerabilities around the world.
Russian cyber activity was discussed by around a dozen officials, who requested anonymity as the information came from classified intelligence and sensitive discussions on how to mitigate the Russian threat. Those conversations focused on whether Mr Putin thinks a paralysis of Ukraine’s infrastructure might be his best hope of achieving his main goal: to overthrow the Ukrainian government and replace it with a puppet leader.
The calculation, a senior intelligence official said, would be that such an attack would not force him to occupy the country – or to face as many of the sanctions that would almost certainly follow a physical invasion.
Already, Mr. Putin has worked to build support nationally, in Africa, South America and Central America. Russian-led information campaigns have focused on smearing the Ukrainian government and accusing its leader of creating a humanitarian crisis in the east of the country, where Ukrainian government forces have been fighting Russian-led separatists for years, according to US officials and allies.
US officials declined to describe the cyber teams that have been inserted in Ukraine. In a statement, the Biden administration only said that “we have long supported Ukraine’s efforts to strengthen its cyber defenses and increase its cyber resilience.”
A British government spokeswoman said the aid provided by Britain and its allies was defensive in nature.
While neither government provided details, officials said the United States was considering a larger deployment, including US Cyber Command assets. But it’s unclear how much a bigger team could do beyond showing their support.
“There is too much to fix,” said a US official.
The Ukrainian grid was built during the days of the Soviet Union, connected to that of Russia. It was upgraded with Russian parts. The software is as familiar to attackers as it is to its operators. And while Ukraine has repeatedly promised to fix its system, Mr. Putin’s hackers, or at least the teams loyal to him, have repeatedly shown that they know how to shut down parts of the country.
In an interview, Sean Plankey, a former Energy Department cyber expert who is now an executive at DataRobot, said Russian hackers understand every link in the design – and most likely have insiders who can help them.
As the Ukrainians have learned, a cyberattack on critical infrastructure is particularly difficult to deter. In the cyber world, there is no broad consensus on what constitutes an act of war, nor agreement on how deeply Mr. Putin could harm Ukraine without triggering a Western response. In the past, his attacks on Ukraine have elicited almost no response.
The 2015 attack, which began at the end of December, was particularly instructive. It was aimed at a major operator of the Ukrainian grid. Videos taken during the attack showed a small team of operators – the attackers knew the holidays would be a particularly vulnerable time – struggling to understand what was happening as hackers took over their screens remotely. Substations were switched off. Neighborhood by neighborhood, the lights went out.
“It was breathtaking for us,” said Andy Ozment, who at the time led the cyber emergency response for the Department of Homeland Security and helped investigate the attacks. “The exact scenario we were concerned about was not paranoia. It was unfolding before our eyes.” The hackers had one final blow: the last thing they cut was the emergency power supply to the utility company’s operating center, so Ukrainian workers sat in the dark, swearing.
As the holidays approach, U.S. officials say they are on high alert. But if Mr. Putin launches a cyberattack, either as a stand-alone action or as a precursor to an attack in the physical world, it will most likely come after Orthodox Christmas, at the end of the first week of January, according to people informed of the intelligence.
U.S. and Allied officials have discussed a variety of sanctions that could potentially deter Russia. But any measures that could possibly cut deep enough for Russia to care would also cause pain in Europe, which relies heavily on Russia for winter energy supplies.
Senator Angus King of Maine, a member of the Senate Intelligence Committee, said in an interview that if an invasion does take place, the first sign will be in cyberspace.
“I don’t think there is any doubt that if there is an invasion or some other kind of incursion into Ukraine, it will start with cyber,” said Mr. King, an independent who caucuses with the Democrats.
Mr. King has long argued that the United States and its allies need to think more deeply about how to deter cyber attacks. The United States, King said, should issue a declaratory policy on the consequences of such attacks.
“So the question is,” Mr. King said, “what are our tools to deter this?”
Rep. Mike Gallagher, a Republican from Wisconsin who, along with Mr. King, heads the Cyberspace Solarium Commission, said the United States should try to prevent a cyberattack on Ukraine by making it clear that it will elicit a firm response.
“We should prepare our own cyber response,” Gallagher said. “We have very powerful weapons in the cyber domain that we could use against Putin if he chooses to go further. We seem divided, but we have a lot of options to prevent this from escalating into a total crisis.”
A cyber operation holds appeal for Moscow over a full-fledged military operation, as Russia can operate under a thin veil of deniability. And Mr. Putin has demonstrated over the past decade that the lightest of disguises is enough.
In previous cyber attacks on Ukraine, Russian agents have portrayed the incursions as the work of criminal groups.
“After the fact, you can be pretty sure what we saw was state activity, using the false flag of criminal activity,” said Jim Richberg, former national intelligence officer for cyber and now vice president of Fortinet, a security company. “They wanted it to have such a broad impact on critical infrastructure in Ukraine and make it look like a criminal case has gone badly wrong.”
For Mr. Putin, a cyberattack which he can officially deny, but which no one doubts is his work, is the best of both worlds.
“Part of it for someone like Putin is to be seen, to deliver a message,” Richberg said. “They can be good, but being good doesn’t mean they want to be invisible.”