Russia’s cyber operations against Ukraine may not have made as big an impact as some Western officials and cybersecurity experts first feared following the start of last year’s invasion, but top U.S. officials warn that is no reason to underestimate Moscow’s cyber exploits.
Instead, these officials caution Russia’s cyber warriors remain actively engaged in a cat-and-mouse game with Ukraine, while learning from each attack and preparing, possibly, to expand their operations beyond Ukraine’s borders.
"In cyber, I think people have underestimated really how much game they [Russia] brought, whether it be the Viasat hack to nine or 10 different families of brand-new, unique wiper viruses that have been thrown in that ecosystem,” said Rob Joyce, the National Security Agency’s director of cybersecurity, to an audience Tuesday at the Center for Strategic and International Studies in Washington.
"There's continued attacks on Ukrainian interests, whether it's financial, government, personal, individual, business — just trying to be disruptive,” he added.
'It's a constant fight'
Joyce is not alone in his assessment of the ongoing dangers from Russia’s cyber operations.
“We haven't seen really any slowdown,” a senior defense official told reporters on the condition of anonymity late last month during a briefing to the Defense Writers Group in Washington.
“It's a constant fight between what the adversary [Russia] is trying to do and what the Ukrainian network defenders are trying to do,” the official said. “We see and have information shared with us about efforts to continue to compromise various Ukrainian networks from MoD [Ministry of Defense] to critical infrastructure.”
Weeks earlier, NSA Director General Paul Nakasone told lawmakers that Moscow’s cyber activities against Ukraine remain under intense scrutiny.
“By no means is this done,” he said.
Ukrainian officials have also voiced increased concern, noting the pace of Russian cyberattacks has been increasing, even as Moscow works to better coordinate cyber operations with conventional military strikes.
The NSA’s Joyce, on Tuesday, agreed Russia’s tradecraft appears to be improving.
“There's creative things going on,” he told the audience at CSIS.
“We're watching the Russian hackers log in to public-facing webcams to watch convoys and trains delivering aid,” Joyce said. “But they're also hacking those webcams where … they're looking out the coffee shop security camera and seeing the road they need to see.”
Joyce also warned that Russia’s cyber operations have also put U.S. companies in their crosshairs.
“Most of the pressure is at the defense industrial base and the logistical transport companies who are moving lethal aid [to Ukraine]," he said. “They are under daily pressure from the Russians.”
China cyber ops
Joyce also voiced concerns about China’s ever expanding cyber capabilities.
“Yes, there is an enormous amount of unsophisticated loud Chinese threat, but there are also elite units that have tools and tradecraft that is very sophisticated," he said. “That's the concern as they're able to scale and use that elite set of concepts and tools in a much bigger piece.”
As for how that could play out should China decide to invade Taiwan, Joyce encouraged private sector companies to start preparing now.
"You don't want to be starting that planning the week before an invasion when you're starting to see the White House saying it's coming,” he said.