The Biden administration said Wednesday that it’s too soon to tell if the policy toward Moscow has succeeded in reining in cyberattacks emanating from Russia.
Several months after President Biden met with Russian President Vladimir Putin and said American critical infrastructure is off-limits from attackers, federal cyber officials said malicious cyberactivity from Russia is changing but they cannot yet fully explain why.
At a House Homeland Security Committee hearing, Rep. Elissa Slotkin pressed National Cyber Director John C. Inglis about whether the administration’s policy toward Russia made any difference.
“Since the summit between the president and Putin and the president laying down that marker, have we seen attacks from Russian based groups, particularly those groups that were responsible for some of our biggest disruptions, have you seen a decrease, an increase, or no change in their level of attempts to attack us?” asked Ms. Slotkin, Michigan Democrat.
“I think that answering the question head-on, we have seen a discernible decrease,” said Mr. Inglis. “It’s too soon to tell whether that is because of the material efforts undertaken by the Russians or the Russian leadership. It may well be that the transgressors in this space have simply [laid] low understanding that this is, for the moment, a very hot time for them.”
Government and private-sector cybersecurity professionals have blamed hacks on federal networks and ransomware attacks hammering critical infrastructure on various cyber criminals operating in Russia.
Hacks and cyberattacks with links to Russia have continued to hit Americans. For example, a ransomware gang connected to Russia named Grief claimed the National Rifle Association as a victim last week. Cybersecurity professionals have linked Grief to Evil Corp., which the Treasury Department sanctioned in 2019.
Alongside Mr. Biden’s admonishments to Mr. Putin, the administration slapped sanctions on Russia for the SolarWinds hack of computer network management software that disrupted government operations.
In April, the Treasury Department said its sanctions were designed to crush technology companies that support Russia’s malicious cyber action against the U.S. and prohibit “certain dealings in Russian sovereign debt.”
The federal government has continued to deploy targeted sanctions to alter the behavior of alleged cybercriminals in Russia. In September, the Biden administration hit a cryptocurrency exchange that operates in Russia with sanctions because it allegedly facilitated payments to cybergangs.
The Commerce Department on Wednesday added Positive Technologies in Russia to its Entity List, which bans foreign people and businesses from operating in the U.S. The Biden administration determined that the group trafficked in “cyber tools used to gain unauthorized access to information systems.”
At an Aspen Security Forum on Wednesday, another top cybersecurity official also said it was undetermined if the policies caused a change in the behavior of Russian cybercriminals.
“What I would say is, let’s let this play out. There’s engagement going on again in a realm that’s, it’s outside of what I do but I would say that it’s too early to tell,” said Army Gen. Paul Nakasone, National Security Agency director and commander of U.S. Cyber Command.
New details about Russia’s appetite for working with America could come soon.
Mr. Inglis told Ms. Slotkin that Americans would be able to judge Russia’s assistance in combating cybercrime over the long term and whether Moscow is cooperating with Washington’s efforts.
On that front, CIA director William Burns led a delegation of senior U.S. officials to Moscow this week at Mr. Biden’s request, a U.S. Embassy spokesperson told reporters.
State Department officials also provided a closed-door briefing on cybersecurity policy for the Senate Foreign Relations Committee on Wednesday morning.