Despite the ongoing conflict in Ukraine, the head of the United States Cybersecurity and Infrastructure Security Agency stated that American networks have yet to be subjected to substantial assaults by Russian operations.
“To date, we have not seen specific attacks on the U.S.,” CISA Director Jen Easterly said April 28. “What we are concerned about is the fact that Russia’s malicious cyber activity is part of their playbook.”
President Joe Biden issued a brief warning in March that emerging data indicated that Russia was plotting future cyberattacks against the United States. He also stated that Russia’s cyber capability is “pretty important, and it’s coming.”
As Russia invaded Ukraine in late February, lawmakers and academics raised similar fears. Easterly testified before a House budget subcommittee on Thursday that such assaults had yet to occur.
“To date, thankfully, we have not seen attacks manifest here,” she said. “But we are very concerned that as the war drags on, there may, in fact, be retaliatory attacks given the very severe sanctions we have imposed on the Kremlin, the U.S. and our allies.”
Russia has traditionally employed cyberattacks to project its troops and affect events that occur outside of its borders. Its incursion into Ukraine was preceded by a wave of hostile intrusions that paralyzed government websites and jumbled communications. According to the State Service of Special Communication and Information Protection, Ukraine is still under attack in the digital sphere, with cyberattacks tripling from the previous year.
Russia has denied any involvement.
According to Easterly, the cyber threat that the United States faces is likely to take three forms: international spillover, such as the NotPetya fiasco in 2017; criminal ransomware attacks, such as those that paralyzed the Colonial Pipeline and JBS Foods; and deliberate action by “Russian state-sponsored actors” against critical infrastructure, such as the communications, energy, and medical sectors.
“The threat environment isn’t becoming any less dynamic, complicated, or deadly,” Easterly said, adding that “threat actors aren’t becoming any less clever.”
Last month, Bryan Vorndran, associate director of the FBI’s cyber division, warned Congress that Russia is a “mighty opponent.” He corroborated claims that Russia is progressively analyzing important infrastructure in the United States, which might be a precursor to a breach.
“As our adversaries grow more proficient and stealthy, we are particularly worried about our capacity to detect and warn about specific cyber activities against US businesses,” Vorndran said in his testimony to the House Judiciary Committee. “Perhaps most concerning is their concentration on jeopardizing essential infrastructure in the United States, particularly during a crisis.”
CISA, which is part of the Department of Homeland Security, is in charge of efforts to assess, manage, and eliminate threats to the United States’ cyber and physical infrastructure. The agency frequently collaborates with the FBI, the NSA, and overseas partners.
President Joe Biden’s fiscal 2023 budget proposal contained $2.5 billion for CISA, an increase of nearly 18% above what was asked in 2022. On Thursday, Easterly stated that the proposed investment “truly acknowledges the criticality of our mission and gives the resources that we require to fulfill it.”
The president’s budget also included $11.2 billion for Pentagon cyber, an increase of about 8% above the administration’s prior request.