海角大神

As U.S. and Ukrainian officials try to pin down Russia鈥檚 troop movements amid growing skepticism of President Vladimir Putin鈥檚 claims of a partial withdrawal, an even trickier front to monitor may be cyberspace.

Key Ukrainian websites, including those of the Defense Ministry, military, and two major banks, were disabled by a distributed denial of service (DDoS) attack on Tuesday. Some ATMs shut down briefly, and customers experienced difficulty logging in or checking their balances.

The Ukrainian Centre for Strategic Communications and Information Security said that the聽relatively聽unsophisticated attacks, which can sometimes be used as a smokescreen for more destructive activities,聽were three times greater in magnitude than any previous DDoS attacks on the country and cost millions of dollars.

鈥淭he key goal of the attack is to show the strength of foreign intelligence services and the weakness of the Ukrainian government and to sow panic and chaos in society," the Ukrainian Centre for Strategic Communications and Information Security posted on its Telegram account. Illya Vityuk, head聽of the Security Service of the Ukraine聽Cyber Security Department, said there was evidence that foreign special services were involved and added that the country currently interested in such blows to Ukraine鈥檚 image is Russia.

In Washington, members of Congress expressed concern about possible Russian cyberattacks not only on Ukraine but also on America鈥檚 critical infrastructure. On Monday, the FBI and Department of Homeland Security held a call with state officials, urging them to be on high alert, Yahoo News reported. Senators warned that such an attack would result in grave consequences for Moscow.

鈥淚f they were to hit our infrastructure, they know that we would view that as being a very, very serious act of aggression,鈥� Sen. Mike Rounds of South Dakota, the top Republican on the Armed Services subcommittee on cybersecurity, told the Monitor. 鈥淚f they get into certain parts of our infrastructure, it could be considered an act of war, which would bring holy hell down on Russia.鈥�

In addition to meddling in the 2016 U.S. election, by exploiting partisan divides to pit citizens against each other and undermine faith in American democracy, Russia has also targeted U.S. infrastructure, including energy, nuclear, water, and aviation sectors. It compromised U.S. energy networks, enabling it to conduct reconnaissance for a possible future attack. But an actual attack that shut down such sectors would put both Russia and the United States in new territory.

One challenge is that the rules of engagement in the cyber realm are unclear, senators acknowledged. And there is a greater risk of unintentional escalation, given the speed of attacks and the difficulty in immediately determining the attacker鈥檚 identity and intent. While Russian hackers have wreaked havoc in Ukraine for years, they have yet to deploy their full range of capabilities, casting an added degree of uncertainty over the current standoff.聽

鈥淲e鈥檝e seen cyberattacks that have been one or two bugs,鈥� says Democratic Sen. Mark Warner of Virginia, who chairs the Senate Intelligence Committee. 鈥淏ut we鈥檝e never seen a first-tier nation-state with capabilities like Russia launching a full-on cyberattack.鈥�

Ukraine: 鈥淲e are on the front line鈥�

Over the past 15 years, Russia has been refining a 2.0 version of Soviet-era disruption techniques, enhanced by 21st-century technology. In each of its forays into former Soviet states, it has combined cyberattacks with on-the-ground interference 鈥� first in Estonia, then in Georgia, and most markedly in Ukraine since Russia annexed Crimea from it in 2014.聽

Russian military intelligence agents launched back-to-back attacks on Ukraine鈥檚 power grid over the next two years, according to a U.S. Department of Justice indictment. The U.S. also blamed the Russian military for the 2017 鈥淣otPetya鈥� malware attack, the world鈥檚 largest cyberattack to date, which targeted companies doing business with Ukraine and caused more than $10 billion in damages.聽

鈥淲e are on the front line,鈥� says Serhiy Prokopenko, head of the Ukrainian National Cyber Security Coordination Center (NCSCC). 鈥淟ots of tactics and malware families that were tested here were then used in Western countries.鈥�

In a wooden-and-glass complex not far from Kyiv鈥檚 center, players from the private sector meet with state cybersecurity experts in NCSCC offices to compare notes on how to rebuff attacks by hackers with presumed Kremlin ties.

Mr. Prokopenko says there has been an increase in Russian-suspected activity since October, with attacks becoming larger, more targeted, and more complex. January鈥檚 鈥淥peration Bleeding Bear鈥� left dozens of government websites offline or defaced. These cyber operations are an integral part of Russia鈥檚 hybrid war against Ukraine, designed to undermine confidence in the government.

鈥淭hey want to make services unavailable for citizens 鈥� energy, transport, financial services, and public services 鈥� in order for people to change their mind about the government in Ukraine,鈥� he says.聽

What most worries Kyiv 鈥� and Western companies active in Ukraine 鈥� is a repeat of NotPetya, which took the radiation-monitoring system at Ukraine鈥檚 Chernobyl nuclear power plant offline. It also hit Ukraine鈥檚 banking and metro systems.聽

While Ukraine is not a member of NATO, the shared goal of thwarting Russian cyberattacks has led to cooperation, including joint exercises planned in the next couple of months.聽

鈥淲e are trying to be more integrated in the NATO way of countering cyberthreats,鈥� adds Mr. Prokopenko.聽

U.S. bracing for a possible retaliatory attack

Congress had been working on a sanctions package to deter any Russian military action, including a cyberattack. But that effort stalled Tuesday, with Senate Foreign Relations Committee Chairman Bob Menendez blaming top Republican Sen. Jim Risch of Idaho for introducing a new GOP draft after weeks of bipartisan talks. The delay allows Moscow to continue to benefit from a rise in oil prices, which have seen a 50% increase over the past year. Instead, a bipartisan group of senators issued a statement.

鈥淢ake no mistake: the United States Senate stands with the people of Ukraine and our NATO allies and partners most threatened by Russian aggression,鈥� they said. 鈥淲e are prepared to respond decisively to Russian efforts to undermine the security of the United States at home and abroad.鈥澛犅�

But some are concerned that the U.S. has demonstrated more bark than bite when it comes to Russian cyberattacks.聽

Sen. Richard Blumenthal, who sits on the Armed Services cybersecurity subcommittee, points to a 2020 attack on SolarWinds software used by more than half a dozen U.S. government departments, which officials say was likely perpetrated by Russians. 鈥淩ight now, they鈥檙e attacking with impunity,鈥� the Democrat from Connecticut says. 鈥淗ave we responded?鈥�

Sen. Angus King of Maine, who co-chaired a cyber commission to develop a more unified U.S. cybersecurity strategy, says a lot has been done in the past year to bolster the nation鈥檚 defenses 鈥� including creating a new position of national cyber director. But a key recommendation from the commission has yet to be implemented: improving coordination between the government and private sector, which controls more than 80% of U.S. critical infrastructure.聽

Senator King, an independent who caucuses with Senate Democrats, says there鈥檚 鈥渟ignificant鈥� concern that Russia could retaliate against U.S. support for Ukraine with a cyberattack. 鈥淥bviously no one wants to escalate this conflict. But if Russia chose to escalate it some way in response to whatever we did, then cyber would be one of the things they would choose.鈥�

鈥淚t鈥檚 kind of like poison,鈥� says Senator Risch, noting that Russia started with a cyberattack before interfering in Estonia, Georgia, and Crimea. 鈥淚t鈥檚 [a weapon] in their quiver that they reach for and grab very easily.鈥�