
Government websites going dark in Ukraine on Wednesday spread fear that an escalating conflict with Russia in cyberspace is headed to America, a cyberwar that experts say is already underway and for which the U.S. is unprepared.
The Biden administration’s imposition of new sanctions over Russia’s military advance in Ukraine may provide Russia a justification to respond against America in cyberspace, the experts say.
Karim Hijazi, CEO of cyber intelligence company Prevailion, is sounding alarms about Russia activating implanted vulnerabilities in America’s critical infrastructure, particularly in water treatment plants, the energy industry and the power grid.
“Cyber combat, for lack of a better term, has been going on for a very long time,” Mr. Hijazi said. “It’s going to become more overt.”
Western cyber officials are earnestly trying to quiet discussion of adversaries’ saber-rattling for cyberwar while simultaneously urging cybersecurity professionals to get their shields up in case the battle ensues.
As official websites for Ukraine’s parliament, the foreign ministry, and security service became inaccessible on Wednesday morning and all eyes turned to the likely Russian culprits, U.S. and U.K. cyber officials published an alert exposing new malware used by attackers allegedly connected to the GRU, the Russian military intelligence agency.
The U.K. said an analysis of “Cyclops Blink” malware was a “routine advisory and not directly linked to the situation in Ukraine.”
A day earlier, White House press secretary Jen Psaki said there was “no current pending threat” in cyber when she was questioned about a potential cyberwar with Russia.
But the Biden administration has told computer network defenders to be on the lookout for cyberattackers deploying new tools not previously used as the crisis in Ukraine escalates.
The cybersecurity firm ESET said it discovered malware on hundreds of machines in Ukraine and the dangerous software might have been installed several months earlier, waiting for the right moment to attack.
Mr. Hijazi has observed systems infected with malware communicating with foreign handlers and he is worried about what will happen when adversaries activate the malware waiting inside American infrastructure. He said he does not have the legal authority to intervene in everything his company observes and he thinks federal law enforcement may not have the staffing at a level necessary to eliminate the threat.
“Luck favors the prepared in this case and we’re kind of behind the curve in removing some of these implants,” he said.
The cybersecurity community inside and outside of the government is urging people to become vigilant. The Cybersecurity and Infrastructure Security Agency adopted the mantra “shields up” to counter threats to critical infrastructure for such things as power and communications from the Russian government.
Christian Sorensen, CEO of cybersecurity company SightGain, said America is not ready for cyberwar with Russia. He said the cybersecurity community has been vocal about the need to prepare but not everyone is doing so.
“It’s not easy to do and it’s not cheap to do currently,” Mr. Sorensen said. “It’s a little bit of screaming into the forest and not [getting] the reaction that is necessary to be prepared but at the same time it’s not like it’s a quick fix, easy to fix either.”
Mr. Sorensen, who formerly served at U.S. Cyber Command, said it is overdue for organizations to look at whether their cybersecurity is actually working and learn the answer before something calamitous happens.
The general public may not know immediately when cyber warfare is underway or know who is responsible.
National Cyber Director John C. Inglis told the House Oversight and Reform Committee in November that a cyberattack is usually considered an act of war when it accomplishes the same amount of damage as a kinetic weapon, involving things such as the “loss of health safety, national security of a significant nature.”
Mr. Hijazi said such a cyberattack could involve taking down a water treatment plant and causing hazardous drinking water that gives people dysentery and overwhelms hospitals with patients.
While cyber professionals are becoming more skilled at identifying criminals responsible for attacks, Mr. Hijazi said there is a lot of collusion between hostile nations in cyberspace and many countries would, like a gang of looters, look to take advantage of a cyberwar hammering the U.S.
“If there’s going to be an all-out cyberwar or conflict, you’re going to have the looters show up,” he said.