Hacking risk shadows U.S. business as Russia threatens critics
A swath of major American businesses — from major banks to utility companies — is preparing for possible cyberattacks against their computer networks as Russia on Thursday threatened “consequences” for nations that interfere with its invasion of Ukraine.
Their concerns, echoed in Csuites and around Washington, follow recent warnings from the Biden administration that U.S. firms should harden their defenses against potential cyberattacks that could disrupt the nation’s critical infrastructure.
American officials say there are no current threats against the U.S. But they have nonetheless urged organizations to plan for worst-case scenarios and more aggressively monitor their computer networks for possible intrusions.
"Right now, everybody needs to be at a heightened alert in the event this continues to escalate, and Russia tries to sway political opinion by causing damage in the United States and its Western allies,” said David Kennedy, the chief executive officer of security firm TrustedSec. He said companies should be going through their computer infrastructure “with a fine-tooth comb” to ensure previous intrusions can’t be used to cause future, more damaging, attacks.
Major U.S. banks, for instance, fear aggressive cyberattacks if Washington imposes deeper financial sanctions on Russia, said two banking executives who spoke on condition of anonymity to discuss private conversations. CEOs of major financial firms and their cybersecurity experts recently met with Treasury officials as Russian threats of war intensified, according to the executives. (The New York Times previously reported the meeting.)
Russian President Vladimir Putin warned Thursday that any foreign attempts to interfere with Russia’s actions in would lead to “consequences you have never experienced,” according to remarks of his speech provided by the Kremlin. U.S. officials have tied recent cyberattacks on government websites and banks in Ukraine to the Russian government.
On Thursday, President Joe Biden warned that the U.S. is “prepared to respond” to any cyberattacks.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, has been urging U.S. businesses and organizations to be prepared for cyberattacks, despite the lack of specific threats. “Russia may consider taking retaliatory action in response to sanctions that may impact our critical infrastructure,” she tweeted on Tuesday. Those warnings were echoed by Energy Secretary Jennifer Granholm in a letter Wednesday to energy executives, urging them to prepare to “the highest possible level for potential Russia-linked cyber and disinformation activity or cybercriminal activity from actors seeking to exploit the ongoing geopolitical situation.”
CISA’s “Shields Up” campaign has encouraged cyber preparedness in recent days, from ensuring that software is up to date to designating a crisis-response team for a suspected cybersecurity incident. “The Russian government understands that disabling or destroying critical infrastructure— including power and communications — can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” according to a webpage devoted to the campaign.
Speaking on a panel for the Aspen Institute last week, Easterly said, “We all recognize that early warnings of a cyberattack effecting U.S. organizations are frankly going to be identified by very likely a private company first rather than the government.”