WASHINGTON – In late 2015, lights went out in a part of Ukraine as Russian hackers remotely took control of an electric utility’s control center and shut down one power station after another while company operators stared helplessly at their screens.
The same thing happened the next year, this time around the capital, Kiev.
Now the United States and Britain have quietly sent cyberwarfare experts to Ukraine so that the country may be better prepared to face what may be the next move by Russian President Vladimir V. Putin, as he again threatens the former Soviet republic: not an invasion, but an effort to take down the grid, the banking system and other important components of Ukraine’s economy and government.
According to US intelligence assessments, Russia’s goal would be to make Ukraine’s President Volodymyr Zelensky appear inept and defenseless – and perhaps provide an excuse for an invasion.
In a sense, the Russian cyber campaign against Ukraine has never stopped, US officials say, although until recently it bubbled along at a low level. But in interviews, US officials and experts say the activity has intensified over the past month, while public attention is focused on the military buildup.
Dmitri Alperovitch, a principal investigator of Russian cyber activity and president of the Silverado Policy Accelerator, a new research group in Washington, said, “This is a broad campaign targeting several Ukrainian government agencies including internal affairs – the national police – and their electric utilities.”
Mr Alperovitch, who immigrated to the United States from Russia as a child, said Russian leaders see the cyberattack as “preparing for the battlefield.”
US officials say a military offensive is not certain. Speaking at the Council on Foreign Relations, President Biden’s national security adviser, Jake Sullivan, said, “The current assessment of the US government is that they have not made a decision.” Mr Sullivan did not address Russian cyber activity, but it is drawing intense attention at the White House, the CIA, the National Security Agency and the United States Cyber Command, whose “cyber mission forces” are deployed around the world to identify vulnerabilities.
Russian cyber activity was discussed by about a dozen officials, who requested anonymity because the information was derived from sensitive discussions about classified intelligence and mitigating the Russian threat. Those conversations have focused on whether Mr Putin thinks that crippling Ukraine’s infrastructure may be his best hope of achieving his primary goal: ousting the Ukrainian government and replacing it with a puppet leader.
The calculation, a senior intelligence official said, would be that such an attack would not require him to occupy the country – or suffer the many sanctions that would almost certainly follow a physical attack.
Mr Putin is already working to build support domestically and in Africa and South and Central America. The Russian-led information campaign has focused on discrediting the Ukrainian government and accusing its leader of causing a humanitarian crisis in the country’s east, where Ukrainian government forces have been struggling with Russian-led separatists for years, according to US and allied officials.
US officials declined to describe the cyber teams that were deployed in Ukraine. In a statement, the Biden administration said only that “we support Ukraine’s efforts to shore up longstanding cyber security and enhance its cyber capability.”
A British government spokesman said the aid Britain and its allies were providing was of a defensive nature.
Although neither government would provide details, officials said the United States was considering a larger deployment, including Cyber Command’s resources. But it’s not clear how much good a large team could do other than demonstrate support.
“There’s a lot to patch,” said a US official.
The Ukrainian grid was built in the days of the Soviet Union and was connected to Russia’s. It has been upgraded with Russian parts. Its software is as familiar to the attackers as to its operators. And while Ukraine has repeatedly vowed to fix its system, Mr. Putin’s hackers, or at least teams loyal to him, have repeatedly shown they know how to black out parts of the country.
In an interview, Sean Plankey, a former Energy Department cyber expert who is now an executive at DataRobot, said that Russian hackers understand every linkage in the design – and most likely have insiders who can help them.
As Ukrainians have learned, preventing cyberattacks on critical infrastructure is particularly difficult. In the cyberworld, there is no broad consensus about what constitutes an act of war, nor is there any consensus about how deeply Mr Putin can damage Ukraine without triggering a Western response. In the past, his attacks on Ukraine have resulted in almost no response.
The 2015 attack, which began in late December, was particularly instructive. It was directed at a major operator of Ukraine’s grid. Videos taken during the attack showed a skeleton crew of operators – the attackers knew the holidays would be a particularly vulnerable time – struggling to understand what was happening as the hackers took control of their screens. Substations were shut down. Neighborhood by neighborhood, the lights went out.
“It was overwhelming for us,” Andy Ozment, who ran cyber emergency response for the Department of Homeland Security, said at the time. “The exact scenario we were concerned about wasn’t paranoia. It was playing out before our eyes.” The hackers had a final flourish: The last thing they shut down was the emergency power at the utility company’s operations center, leaving Ukrainian workers in their seats in the dark, cursing.
With the holidays approaching again, US officials say they are on high alert. But if Mr. Putin launches the cyberattack, either as a stand-alone action or as a precursor to a physical-world attack, it will most likely happen at the end of the first week of January, after Orthodox Christmas, according to people briefed on the intelligence.
US and allied officials have discussed a range of sanctions that could potentially deter Russia. But any measures that would hurt Russia enough to matter would also cause pain in Europe, which is highly dependent on Russia for its winter energy supply.
Senator Angus King of Maine, a member of the Senate Intelligence Committee, said in an interview that if there was an attack, the first sign would be in cyberspace.
“I don’t think there is any doubt that if there is an invasion or other type of incursion into Ukraine, it will start with cyber,” said Mr. King, an independent who caucuses with the Democrats.
Mr. King has long argued that the United States and its allies need to think more deeply about how to prevent cyber attacks. The United States, Mr. King said, should issue a declarative policy about what the consequences of such attacks would be.
“So the question is,” said Mr. King, “what tools do we have to stop this?”
Representative Mike Gallagher, a Wisconsin Republican who leads the Cybersecurity Solarium Commission with Mr. King, said the United States should try to stop a cyberattack on Ukraine by making it clear that it would prompt a stronger response.
“We must prepare our cyber response,” Gallagher said. “We have very powerful weapons in the cyber domain that we can use against Putin if he wants to go further. We think we are divided, but we have plenty of options to prevent this from turning into a full-blown crisis.”
For Moscow, a cyber operation holds an allure over a full-fledged military campaign, as Russia can operate under a thin veil of deniability. And Mr. Putin has demonstrated over the past decade that even the thinnest of disguises is good enough.
In previous cyber attacks on Ukraine, Russian operatives made the infiltration look like the work of criminal groups.
“After the fact, you can be pretty sure that we saw state activity using false flags of criminal activity,” said Jim Richberg, former national intelligence manager for cyber and now vice president of security firm Fortinet. “They wanted it to have a massive impact on critical infrastructure in Ukraine and made it seem like a criminal thing that went awry.”
For Mr. Putin, a cyberattack that he can officially deny, but which no one doubts is his handiwork, is the best of both worlds.
“For someone like Putin, part of it is to be seen, a message to be conveyed,” Mr. Richberg said. “They may be good, but being good doesn’t mean they want to be invisible.”