What Do Russia’s Aggressions Mean for U.S. Cybersecurity?

U.S. organizations should up their defenses for the possibility of a Russian cyber attack or misinformation campaign, CISA says. Russian cyber strategies against Ukraine and its allies could evolve.

As Russia escalates its aggression toward Ukraine, the U.S. is keeping a close eye on cyber threats.

During an Aspen Institute panel last Friday, federal and private-sector cybersecurity experts discussed how Russia may use cyber threats and misinformation against Ukraine and its allies and how U.S. organizations should prepare.

As of the Feb. 18 discussion, Russia had not made any “specific, credible threats” against the U.S., but organizations should still seize the moment to get their defenses and resiliency plans in order, said Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly.

“Threats to our digital infrastructure are, of course, not bound by national borders,” Easterly said. “Our networks and our critical infrastructure are integrated into a larger global cyber ecosystem, which means that we all need to be ready. As I like to say, ‘Shields up.’”


Russia’s cyber attacks against Ukraine appear intended to not only disrupt critical operations but also undermine public confidence in the government’s ability to keep them safe.

Russia is likely to use cyber attacks to support on-the-ground aggression, such as by taking out commercial satellites that let Ukraine get intel on Russian troop movements, said Herb Lin, senior research scholar at Stanford University’s Center for International Security and Cooperation.

Organizations and resources with military and economic significance may be the most obvious targets, but they aren’t the only ones. Another key strategy is to incite panic among residents by hitting targets that have a lot of public visibility, said Sandra Joyce, head of global intelligence and executive vice president at cybersecurity firm Mandiant.

Last week, a distributed denial of service (DDoS) attack disrupted websites for two state-run banks and several government websites. The U.S. credited this attack to Russia.

The DDoS attack was quickly followed up by SMS messages sent to bank customers telling them that financial institutions were offline. These messages exacerbated the DDoS problem by prompting customers to check the sites — adding yet more traffic — and sparking fear among residents, Joyce said.

Lin said Russia might aim cyber attacks at hospitals to make residents more afraid to fight or remain in the country, based on the fear that they wouldn’t have access to medical care should they be injured.


Russia will likely want to attack Ukrainian newspapers to muddy information, Joyce said.

Such a move would probably help false narratives flourish.

Misinformation is a major concern for Ukraine and its supporters. Already, hackers believed to be backed by Russia have pushed false narratives to sow divisions between Ukraine and NATO, Joyce said.

The U.S. can anticipate being targeted by misinformation, disinformation and malinformation (MDM) as well. MDM campaigns would in all likelihood strive to “bias the development of policy and undermine the security of the U.S.,” Easterly said.

CISA released a resource on Feb. 18 intended to help critical infrastructure owners and operators identify foreign influence campaigns and reduce their impact. The guide includes steps like advising staff to better secure access to their social media accounts, monitoring for suspicious indicators like sudden surges in online followers or mentions and considering how to field questions from media and inform authorities in the case of a false narrative.

The federal government has also changed its strategy and begun more quickly declassifying intelligence about Russian false-flag disinformation efforts — something Joyce said is key for timely debunking.


As countries guess what Russia’s next moves will be, experts are aware of Russia’s ransomware capabilities. Criminal gangs have been operating in the country for years, honing their skills, noted former CISA director Chris Krebs.

Russia’s recent arrest of several REvil members should be taken as a veiled threat, Krebs and Lin said. The move aims to remind the world that Russia has skilled hackers at its disposal and can mobilize them as easily as it can arrest them.

“What Russia has done is it’s pointed out, ‘Hi, we have these people, and we can control them. We can turn them on, or we can turn them off,’” Lin said.


CISA is urging U.S. organizations to prepare for the possibility that Russia launches cyber attacks against the U.S. Getting defenses and response strategies in order now will also ensure that — even if no threats emerge this time around — organizations are prepared for the next cyber emergency down the line.

“Don’t let a good crisis go to waste,” Krebs said.

Easterly asked private firms to promptly report incidents to federal agencies, so that CISA has the details it needs to see threat patterns. When it’s uncertain if an incident is significant enough, companies should err on the side of over-reporting as opposed to the alternative.

“Organizations need to lower their thresholds for escalating anomalous activity and sharing that information with the government,” Easterly said. “This is crucial because we all recognize that early warnings of a cyber attack affecting U.S. organizations are frankly very likely going to be identified by a private company first.”

CISA has released several resources, including guides designed for executive-level leadership, technical advice for critical network defenders about known Russian tactics and techniques and a Shields Up website explaining steps all organizations should take to boost their cyber postures.

CISA and private cybersecurity firms that participate in the agency’s Joint Cyber Defense Collaborative (JCDC) are also offering free tools and services, Easterly said. The offerings, which include antivirus software and vulnerability assessment solutions, are aimed at critical infrastructure owners and operators and state and local governments.
Jule Pattison-Gordon is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.