US officials: Russian cyber threat remains high

Senior U.S. cyber officials urged companies to remain on high alert for cyberattacks as a consequence of Russia’s war in Ukraine, saying the warnings are based on intelligence assessments of potential strikes.

Since the start of Russia’s invasion of Ukraine in February, federal agencies including the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation have warned of potential cyberattacks against critical infrastructure operators, The Wall Street Journal reports. 

Jen Easterly, CISA’s director, said on the sidelines of the RSA Conference in San Francisco on June 7 that despite a lack of major attacks against Western infrastructure since the war began, companies shouldn’t let their guard down.

“I don’t think we are out of the woods in terms of a threat at this point in time. We’re only 100 days into this war,” she said. “We know that it’s part of the Russian playbook to use malicious cyber activity, whether it’s through a state-sponsored entity, whether it’s through criminally aligned groups.”

Ms. Easterly pointed to incidents such as the hack of satellites operated by Viasat Inc. on the eve of the invasion as proof that cyberattacks can and have spilled over from the theatre of conflict, where she said the agency has seen significant cyber activity.

Also speaking on the sidelines of the conference, National Cyber Director Chris Inglis said that all warnings issued to the public have been based on U.S. intelligence assessments that Russia poses a credible threat to public infrastructure. Moscow has consistently denied planning, launching or targeting cyberattacks against U.S. interests.

Robert Joyce, the NSA’s cybersecurity director, said the advisories issued by his agency, CISA and others are an expression of confidence that attacks were actively planned, with only the timing of their execution in question.

“What I can say is, from intelligence, the threat was and is real. The Russians have a capability that we need to be cautious about, and they are at a decision point of if or when they choose to apply that,” he said.