As the Ukraine war rages on, Russia is attempting to deter western assistance to the embattled nation by threatening cyberattacks. Apple was recently the suspected target of one such assault.
Charles Gasparino, in a published report, warns that that “Russia appears to have officially declared cyberwar on the US, taking what’s been described as preliminary steps at crippling its banking system and possibly other major industries.”
From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources. On March 24, 2022, the U.S. Department of Justice unsealed indictments of three Russian Federal Security Service (FSB) officers and a Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) employee for their involvement in intrusion campaigns against U.S. and international oil refineries, nuclear facilities, and energy companies.
Cyber attacks emanating from Russia are not new. The Colonial Pipeline and the JBS meat processing corporation were previous targets. In response, the Biden Administration issued a bizarre statement containing a list of 16 infrastructure entities that the President warned Moscow not to hit, essentially giving a green light to attack everyone else.
Ina Fox News Interview, Rebecca Heinrichs, a senior fellow at the Hudson Institute explained “”It could actually entice Russia to increase attacks against all the other entities besides those 16 things. We should be complicating Russia’s calculations not making them simpler and certainly not essentially green-lighting any kinds of attacks… Sen. Ron Johnson, (R-Wis.) told Fox News ‘Together with deciding not to impose sanctions to halt the completion of the Nord Stream 2 pipeline, his limited demand on cyberattacks signals weakness that our adversaries will notice and take advantage of,’ said Johnson, who sits on the Senate Homeland Security and Governmental Affairs Committee.”
Biden’s odd attitude towards cyber security has been noted. In 2021,Maggie Miller, writing for The Hill, noted that “President Biden‘s $2.25 trillion infrastructure plan does not include any funds to protect critical infrastructure against cyberattacks, even as the threat grows against targets such as the electric grid. Experts say it was disappointing to see there were no funds set aside to defend systems critical to everyday life from hackers, particularly as the proposal calls for things like $100 billion for improving grid resiliency, the creation of new jobs and developing more clean electricity.”
The Biden Administration has even attempted to pass the buck on this area of defense policy to the private sector. Rather unusually, notes Ryan Lovelace, in the Washington Examiner, “President Biden telling the private sector it is responsible for its own defense against Russian cyberattacks has drawn critics who counter that fighting off a hostile nation is the federal government’s job.” In a statement, the White has urged “our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year. You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.”
Earlier in his Administration, Biden had been criticized for his failure to timely appoint a “Cyber defense Czar.” Eventually, however, National Cyber Director Chris Inglis and National Security Agency Cybersecurity Director Rob Joyce were appointed.
Illustration: Pixabay