As the Russian invasion of Ukraine continues through its second month with no let-up in sight, Federal cybersecurity and law enforcement officials are warning that they still see indications of potential Russian cyberattacks on United States critical infrastructure, and are reiterating their “Shields Up” warning to meet those potential threats.
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and Deputy Attorney General Lisa Monaco alerted the nation to ongoing threat indicators during interviews that aired during the April 17 episode of 60 Minutes.
“We are seeing evolving intelligence about Russian planning for potential attacks, and we have to assume that there’s going to be a breach, there’s going to be an incident, there’s going to be an attack,” Easterly said in an interview with 60 Minutes correspondent Bill Whitaker.
“I think we are dealing with a very dangerous, very sophisticated, [and] very well-resourced cyber actor,” Easterly added. “That’s why we’ve been telling everybody consistently ‘shields up.’ What does that mean? It means assume there will be disruptive cyber activity and make sure you are prepared for it.”
CISA first debuted its “Shields Up” campaign in February, as tensions between Russia and Ukraine were ratcheting up. CISA and its partners have since kept the alert level up as Russia turned those tensions into a full-blown invasion.
While Russia has yet to launch substantial cyberattacks on the United States, CISA and the White House have warned in recent weeks of ongoing threats to critical infrastructure. Easterly told Whitaker that CISA is keeping an eye on the energy and financial sectors in particular.
“We know that targeting the energy sector is part of the Russian playbook, but also finance given potential retaliatory attacks for the very severe sanctions that the U.S. and our allies have imposed and continue to impose” on Russia, Easterly said.
Monaco said that United States cybersecurity officials are seeing increased scanning activity by Russian actors on U.S. critical infrastructure. She explained that activity is evidence that the threat actors are looking for entry points into critical infrastructure systems at a higher rate than before.
“We are seeing Russian state actors scanning, probing, looking for opportunities, looking for weaknesses in our systems on critical infrastructure,” Monaco said. “Think of it as a burglar going around, trying to jiggle the lock in your house door to see if it’s open. And we’re seeing that.
“Those who violate our laws should expect to face justice,” Monaco added.
Monaco recently completed an operation with Attorney General Merrick Garland where they were able to stop Russian state cyber actors before they were set to strike. Monaco said the government had seen military intelligence cyber actors looking to deploy malware on “thousands of computers in hundreds of countries.”
“It’s like an army of infected computers that, with a single command, can be deployed to do everything from gathering information, stealing information, and sometimes to have destructive effect,” she said of the thwarted operation. “We were able to work with the private sector to understand it; to be able to use unique investigative tools to trace it back to attackers at keyboards, and then use our tools to go in not only remove that malware, but to lock those doors to keep the attacker from coming back.”