Their concerns, echoed in C-suites and around Washington, follow recent warnings from the Biden administration that U.S. firms should harden their defenses against potential cyberattacks that could disrupt the nation’s critical infrastructure.
American officials say there are no current threats against the U.S. But they have nonetheless urged organizations to plan for worst-case scenarios and more aggressively monitor their computer networks for possible intrusions.
“Right now, everybody needs to be at a heightened alert in the event this continues to escalate, and Russia tries to sway political opinion by causing damage in the United States and its Western allies,” said David Kennedy, the chief executive officer of security firm TrustedSec. He said companies should be going through their computer infrastructure “with a fine-tooth comb” to ensure previous intrusions can’t be used to cause future, more damaging, attacks.
Major U.S. banks, for instance, fear aggressive cyberattacks if Washington imposes deeper financial sanctions on Russia, said two banking executives who spoke on condition of anonymity to discuss private conversations. CEOs of major financial firms and their cybersecurity experts recently met with Treasury officials as Russian threats of war intensified, according to the executives. (The New York Times previously reported the meeting.)
Russian President Vladimir Putin warned Thursday that any foreign attempts to interfere with Russia’s actions in would lead to “consequences you have never experienced,” according to remarks of his speech provided by the Kremlin. U.S. officials have tied recent cyberattacks on government websites and banks in Ukraine to the Russian government.
On Thursday, President Joe Biden warned that the U.S. is “prepared to respond” to any cyberattacks.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, has been urging U.S. businesses and organizations to be prepared for cyberattacks, despite the lack of specific threats. “Russia may consider taking retaliatory action in response to sanctions that may impact our critical infrastructure,” she tweeted on Tuesday. Those warnings were echoed by Energy Secretary Jennifer Granholm in a letter Wednesday to energy executives, urging them to prepare to “the highest possible level for potential Russia-linked cyber and disinformation activity or cybercriminal activity from actors seeking to exploit the ongoing geopolitical situation.”
CISA’s “Shields Up” campaign has encouraged cyber preparedness in recent days, from ensuring that software is up to date to designating a crisis-response team for a suspected cybersecurity incident. “The Russian government understands that disabling or destroying critical infrastructure— including power and communications — can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” according to a webpage devoted to the campaign.
Speaking on a panel for the Aspen Institute last week, Easterly said, “We all recognize that early warnings of a cyberattack effecting U.S. organizations are frankly going to be identified by very likely a private company first rather than the government.”
Michael Daniel, who served as a cybersecurity coordinator under President Barack Obama, said he is most worried about a Russian hacking operation that spirals out of control. “I think it’s almost inevitable that there will be some sort of spillover effect,” he said, which could start with neighboring countries but extend further to the U.S.
Steven Silberstein, chief executive officer of the Financial Services Information Sharing and Analysis Center, known as FS-ISAC, an organization that shares cyber intelligence among financial institutions around the world, said in a statement: “Our global intelligence team is continuing to actively assess the situation through enhanced monitoring and cross-border threat intelligence sharing across the financial services sector. Our members and the broader financial services industry remain vigilant.”
Electric utilities are “closely monitoring the situation and are coordinating across the industry and with our government partners,” said Scott Aaronson, a security executive at the Edison Electric Institute, a trade group. The Solar Energy Industries Association, meanwhile, encouraged its members in a message Thursday to “discuss your organization’s cyber response procedures with your staff and have a clear understanding of everyone’s roles and responsibilities.”
Other experts urged caution, saying it wasn’t a given that Russia would wage cyberattacks against American organizations in retaliation. Adam Meyers, senior vice president for intelligence at the cybersecurity firm Crowdstrike Holdings Inc., said he didn’t currently anticipate Russia attacking U.S. targets in retaliation for sanctions or other actions from the Biden administration.
Meyers said the “guise” of the Russian effort is a peacekeeping mission, and “to them attack Western entities would be problematic for that narrative.”