Russia has conducted multiple cyberattacks on Ukraine during its ongoing invasion of the smaller, neighboring nation—and cyber disruptions associated with this conflict could potentially impact other countries down the line, senior U.S. national security officials confirmed on Tuesday.
“We have to be prepared for the Russians and any other threat that would try to put us at risk in cyberspace. In terms of Russia, they have conducted several attacks in Ukraine—three or four upon which we’ve watched and we’ve tracked very carefully,” Army Gen. Paul Nakasone, U.S. Cyber Command commander and National Security Agency director explained during the House Intelligence Committee’s worldwide threats hearing.
Such recurring hearings stand to provide Congress members with updates on direct and indirect risks to the American public and national security for the next year. The intelligence community’s 2022 Annual Threat Assessment Report was published in connection to it.
That document, like others in recent years, names China as the U.S.’ greatest cyber threat. It also deems Russia a “top cyber threat” that is “focused on improving its ability to target critical infrastructure.” The two countries “continue deepening diplomatic, defense and technology cooperation” to challenge the U.S., officials noted in it.
Prepared with information as of January 21, and released in February, the report essentially offers baseline assessments of pressing threats to U.S. national interests, up to that point. It was referred to many times throughout the hearing, but during the 3-hour event officials also placed a sharp focus on the invasion that’s been escalating in past weeks.
“The human toll of the conflict is already considerable and only increasing. Thus far the Russian and Ukrainian militaries have probably suffered thousands of casualties, along with numerous civilian deaths—and of course, well more than a million people have fled Ukraine since Russia invaded,” National Intelligence Director Avril Haines said.
“I don’t know that we have direct evidence [of Vladimir Putin-led war crimes against Ukraine] besides what we see on social media,” Defense Intelligence Agency Director Lt. Gen. Scott Berrier also noted. “Certainly, the bombing of schools and facilities that are not associated with the Ukrainian government would indicate to me that he’s stepping up right to the line if he hasn’t done so already.”
Their comments and those from the other witnesses during the hearing also shed light on certain technological and cyber elements connected to this conflict. For instance, many experts predict Russia could launch hacking campaigns or more malicious activities in cyberspace as part of its strategy.
“In terms of why they haven’t done more, I think that that’s obviously some of the work that the Ukrainians have done, some of the challenges that the Russians have encountered and some of the work that others have been able to do to prevent their actions—and so it has not been what we’d anticipate when we were going into this several weeks ago,” Nakasone said.
Though he noted that his team has a “high degree of vigilance for a number of different threat streams” including ones “not necessarily predicated” on these events in Ukraine, the cyber chief also listed four areas of concern involving Russia and cybersecurity that his units are tracking.
“We’re very, very focused on ransomware actors that might conduct attacks against our allies or our nation. We’re very, very focused on some type of cyber activity that’s designed for perhaps Ukraine that spreads more broadly into other countries. Third, is any type of attack that an adversary would conduct against an ally,” Nakasone explained. “And then finally, certainly our critical infrastructure. Those are really the areas that we look at so carefully. It’s done with a series of partners—it’s interagency partners. It’s our partners that exist in the private sector. It’s with obviously a series of partners that are allied, as well.”
FBI Director Christopher Wray added his agency is also targeting ransomware, and that “spillover effect” Nakasone mentioned.
“In other words, even if the Russians think they have carefully calibrated some form of malicious cyber activity against our critical infrastructure, the reality is they’ve shown the history of not being able to kind of manage the effects of it as well as they intend—even if you give them the benefit of the doubt. I tend not to,” Wray said. “So for example, the NotPetya attack was kind of widely viewed as one of the most destructive attacks in the history of the world. And that’s a [Russian intelligence arm-steered] attack that it had that kind of spillover effect. So, that’s something we’re deeply concerned about.”
Multiple lawmakers also asked about concerns that Russia might use cryptocurrency to evade the international sanctions its facing. The witnesses said it was necessary to discuss the matter in the classified briefing that was set to follow the public hearing.