This activity is likely “not about espionage, it’s probably about disruptive or destructive (cyber) activity,” said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, during a phone briefing with industry executives and state and local government employees, three sources said about the call, writes CNN’s Sean Lyngaas.
The advisory is part of a growing chorus of warnings that US infrastructure is at risk, Lyngass writes.
“For months, the US Departments of Energy, Treasury and Homeland Security, among others, have alerted major electric utilities and banks to Russian hacking capabilities and urged companies to lower their thresholds for reporting suspicious activity.”
Some companies are not prepared for this
The bottom line of Biden’s warning Monday and the FBI’s assessment was that the infrastructure behind US society and American life is largely in private hands and needs to be made more secure from hacks.
Biden has told Putin to scrap it
“We had a long conversation about what the consequence would be if he uses it,” Biden told business leaders Monday.
He specifically mentioned the energy, power and financial sectors.
What might a large-scale cyber attack look like?
CNN’s Ivana Kottasová wrote last June about the attack, which Estonia viewed as an act of cyberwarfare. It all started with Estonia’s decision to remove a Soviet-era war memorial from central Tallinn.
Here are some key takeaways from their report:
The attack made Estonia realize that it had to start treating cyber threats the same way it treats physical attacks.
At that time, the country was already at the forefront of e-government and had introduced services such as online voting and digital signatures. Although no data was stolen during the incident, websites of banks, media and some government services were targeted by distributed denial-of-service attacks that lasted 22 days. Some services have been interrupted while others have been shut down completely.
NATO and the international community took note of the attack on Estonia and experts developed a standard for assessing cyberwar as a result.
When is a cyber attack an act of war?
I called Tess Bridgeman, associate editor of the Just Security website and former Obama White House attorney who is an expert on war power and international law.
“If a cyberattack causes significant death, destruction or injury, as you would see from a more traditional attack using kinetic means like bullets or missiles, then you would call it ‘use of force’ internationally,” she said.
A cyberattack targeting a dam or air traffic control towers could reach that level, but the government would go to great lengths not to respond to a cyberattack with a military attack, she said.
Attacks on the US to date have fallen below the threshold justifying a military response.
While the government seeks countermeasures, Bridgeman said there’s a good chance they won’t become public knowledge.
“It may appear that the US is standing by, but I very much doubt that is the case,” she said, arguing countermeasures may be more effective in de-escalating the standoff. “It is an example of what responsible government action looks like.”
Could weapons be used to respond to a cyber attack?
The threat of a military response always exists for the worst cyberattacks, should they take American lives.
“Our policy, our stated policy, is that if it’s an attack on us that’s large enough and harms us, we will use conventional arms response,” said Richard Clarke, who is a top cybersecurity adviser to President George W. Bush was, told CNN Michael Smerconish shortly after the start of the war in Ukraine.
“So we could very easily find ourselves in a shooting war with Russia if they try to launch devastating – and it would have to be devastating – cyber attacks like turning off the power grid,” Clarke said.
Most of these attacks are intended to be part of espionage campaigns or to be more annoying than deadly. Clarke argued that Russian attacks on US industry could be more devastating than attacks on the government itself. He said the government doesn’t really know what would happen if, for example, the cloud systems of Amazon, Google and Microsoft went offline.
“I can tell you when those clouds go down, the United States stops working, our economy stops working, the phones stop working — we’re going to find ourselves in the Dark Ages pretty soon when the internet goes down,” Clarke said.
What if Russia attacked a US ally?
It’s not clear that Russia would want to deliberately provoke the US in such a devastating way, or how the US would respond.
Could a cyber attack trigger Article 5?
A cyber attack could well trigger Article 5. NATO Secretary General Jens Stoltenberg made this clear in February immediately after the Russian invasion.
But he added that NATO would be very careful in assessing an attack and would ensure that a cyberattack on Ukraine – such as cutting off the power – that inadvertently spilled over into Poland or Romania would not be construed as an attack on those countries .
He also said it was intentionally unclear what type of cyberattack would rise to the level of Article 5 invocation.
NATO, he said, “does not want to give a potential adversary the privilege of defining exactly when we trigger Article 5.”